8.7

CVSS4.0

CVE-2026-41040 -

GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.

📅 Published: April 23, 2026, 6:59 a.m. 🔄 Last Modified: April 28, 2026, 2 a.m.

5.1

CVSS3.1

CVE-2025-10549 - DLL Hijacking in EfficientLab Controlio Leads to Local Privilege Escalation

EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected servi…

📅 Published: April 23, 2026, 6:57 a.m. 🔄 Last Modified: April 28, 2026, 9:26 a.m.

7

CVSS4.0

CVE-2026-34488 -

IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.

📅 Published: April 23, 2026, 6:17 a.m. 🔄 Last Modified: April 28, 2026, 9:26 a.m.

3.5

CVSS3.1

CVE-2026-4512 - WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS

The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptcha_js() function. This allows administrators on multisite installations (who do not have the unfiltered_html capability) to i…

📅 Published: April 23, 2026, 6 a.m. 🔄 Last Modified: April 28, 2026, 9:26 a.m.

5.3

CVSS3.1

CVE-2026-4106 - HT Mega < 3.0.7 – Unauthenticated PII Disclosure

The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII (such as full name, city, state and country) of customers who placed orders in the last 7 days.

📅 Published: April 23, 2026, 6 a.m. 🔄 Last Modified: April 28, 2026, 9:26 a.m.

4

CVSS3.1

CVE-2026-41990 -

Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.

📅 Published: April 23, 2026, 4:39 a.m. 🔄 Last Modified: April 24, 2026, 2:50 p.m.

6.7

CVSS3.1

CVE-2026-41989 - Libgcrypt: Libgcrypt: Denial of Service and buffer overflow via crafted ECDH ciphertext

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.

📅 Published: April 23, 2026, 4:30 a.m. 🔄 Last Modified: April 24, 2026, 2:50 p.m.

5.1

CVSS4.0

CVE-2026-40529 -

CMS ALAYA provided by KANATA Limited contains an SQL injection vulnerability. Information stored in the database may be obtained or altered by an attacker with access to the administrative interface.

📅 Published: April 23, 2026, 4:15 a.m. 🔄 Last Modified: April 28, 2026, 9:26 a.m.

3.2

CVSS3.1

CVE-2026-41988 - uuid: uuid: Unexpected data writes when using external output buffers with specific UUID versions

uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.

📅 Published: April 23, 2026, 4 a.m. 🔄 Last Modified: April 24, 2026, 2:50 p.m.

5.4

CVSS3.1

CVE-2026-41233 - Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add()

Froxlor is open source server administration software. Prior to version 2.3.6, in `Domains.add()`, the `adminid` parameter is accepted from user input and used without validation when the calling reseller does not have the `customers_see_all` permission. This allows a reseller to attribute newly cr…

📅 Published: April 23, 2026, 4 a.m. 🔄 Last Modified: April 27, 2026, 4:59 p.m.