CVE-2025-66286 - Webkitgtk: authorization bypass through webpage::send-request signal handler
Published: Thu, 23 Apr 2026 12:33:50 +0000
CVE ID :CVE-2025-66286
Published : April 23, 2026, 12:33 p.m. | 52 minutes ago
Description :An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the
WebPage::send-request signal handler to approve or reject all network requests. However, certain types of HTTP requests bypass this signal handler.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13763 - Libopensc: opensc: multiple uses of uninitialized variable
Published: Thu, 23 Apr 2026 12:27:41 +0000
CVE ID :CVE-2025-13763
Published : April 23, 2026, 12:27 p.m. | 58 minutes ago
Description :Multiple uses of uninitialized variables were found in libopensc that may lead to information disclosure or application crash. An attack requires a crafted USB device or smart card that would present the system with specially crafted responses to the APDUs
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-31532 - can: raw: fix ro->uniq use-after-free in raw_rcv()
Published: Thu, 23 Apr 2026 12:17:01 +0000
CVE ID :CVE-2026-31532
Published : April 23, 2026, 12:17 p.m. | 1 hour, 9 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved:
can: raw: fix ro->uniq use-after-free in raw_rcv()
raw_release() unregisters raw CAN receive filters via can_rx_unregister(),
but receiver deletion is deferred with call_rcu(). This leaves a window
where raw_rcv() may still be running in an RCU read-side critical section
after raw_release() frees ro->uniq, leading to a use-after-free of the
percpu uniq storage.
Move free_percpu(ro->uniq) out of raw_release() and into a raw-specific
socket destructor. can_rx_unregister() takes an extra reference to the
socket and only drops it from the RCU callback, so freeing uniq from
sk_destruct ensures the percpu area is not released until the relevant
callbacks have drained.
[mkl: applied manually]
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-31531 - ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
Published: Thu, 23 Apr 2026 12:17:01 +0000
CVE ID :CVE-2026-31531
Published : April 23, 2026, 12:17 p.m. | 1 hour, 9 minutes ago
Description :In the Linux kernel, the following vulnerability has been resolved:
ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop()
When querying a nexthop object via RTM_GETNEXTHOP, the kernel currently
allocates a fixed-size skb using NLMSG_GOODSIZE. While sufficient for
single nexthops and small Equal-Cost Multi-Path groups, this fixed
allocation fails for large nexthop groups like 512 nexthops.
This results in the following warning splat:
WARNING: net/ipv4/nexthop.c:3395 at rtm_get_nexthop+0x176/0x1c0, CPU#20: rep/4608
[...]
RIP: 0010:rtm_get_nexthop (net/ipv4/nexthop.c:3395)
[...]
Call Trace:
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-28040 - WordPress Taxi Booking Manager for WooCommerce plugin <= 2.0.0 - Cross Site Scripting (XSS) vulnerability
Published: Thu, 23 Apr 2026 12:17:01 +0000
CVE ID :CVE-2026-28040
Published : April 23, 2026, 12:17 p.m. | 1 hour, 9 minutes ago
Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Stored XSS.This issue affects Taxi Booking Manager for WooCommerce: from n/a through 2.0.0.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62110 - WordPress Rescue Shortcodes plugin <= 3.3 - Cross Site Scripting (XSS) vulnerability
Published: Thu, 23 Apr 2026 12:17:01 +0000
CVE ID :CVE-2025-62110
Published : April 23, 2026, 12:17 p.m. | 1 hour, 9 minutes ago
Description :Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through 3.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62104 - WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability
Published: Thu, 23 Apr 2026 12:17:01 +0000
CVE ID :CVE-2025-62104
Published : April 23, 2026, 12:17 p.m. | 1 hour, 9 minutes ago
Description :Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-39440 - WordPress FunnelFormsPro plugin <= 3.8.1 - Remote Code Execution (RCE) vulnerability
Published: Thu, 23 Apr 2026 12:11:41 +0000
CVE ID :CVE-2026-39440
Published : April 23, 2026, 12:11 p.m. | 1 hour, 14 minutes ago
Description :Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion.This issue affects FunnelFormsPro: from n/a through 3.8.1.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6903 - Path Traversal Vulnerability in LabOne User Interface
Published: Thu, 23 Apr 2026 10:16:18 +0000
CVE ID :CVE-2026-6903
Published : April 23, 2026, 10:16 a.m. | 3 hours, 9 minutes ago
Description :The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the LabOne software.
Additionally, the Web Server does not sufficiently restrict cross-origin requests, which could allow a remote attacker to trigger file access from a victim's browser by directing the victim to a malicious website.
The vulnerability is only exploitable when the LabOne Web Server is running. Installations using only the LabOne APIs without starting the Web Server are not exposed.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6887 - BorG Technology Corporation|Borg SPM 2007 - SQL Injection
Published: Thu, 23 Apr 2026 10:16:18 +0000
CVE ID :CVE-2026-6887
Published : April 23, 2026, 10:16 a.m. | 3 hours, 9 minutes ago
Description :Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6886 - BorG Technology Corporation|Borg SPM 2007 - Authentication Bypass
Published: Thu, 23 Apr 2026 10:16:18 +0000
CVE ID :CVE-2026-6886
Published : April 23, 2026, 10:16 a.m. | 3 hours, 9 minutes ago
Description :Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-6885 - BorG Technology Corporation|Borg SPM 2007 - Arbitrary File Upload
Published: Thu, 23 Apr 2026 10:16:18 +0000
CVE ID :CVE-2026-6885
Published : April 23, 2026, 10:16 a.m. | 3 hours, 9 minutes ago
Description :Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-5464 - ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process
Published: Thu, 23 Apr 2026 10:16:18 +0000
CVE ID :CVE-2026-5464
Published : April 23, 2026, 10:16 a.m. | 3 hours, 9 minutes ago
Description :The ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation in all versions up to, and including, 9.1.2. This is due to the reports page exposing the 'onboarding_key' transient to any user with the 'exactmetrics_view_dashboard' capability. This key is the sole authorization gate for the '/wp-json/exactmetrics/v1/onboarding/connect-url' REST endpoint, which returns a one-time hash (OTH) token. This OTH token is then the only credential checked by the 'exactmetrics_connect_process' AJAX endpoint — which has no capability check, no nonce verification, and accepts an arbitrary plugin ZIP URL via the file parameter for installation and activation. This makes it possible for authenticated attackers, with Editor-level access and above granted the report viewing permission, to install and activate arbitrary plugins from attacker-controlled URLs, leading to Remote Code Execution.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3960 - Remote Code Execution in h2oai/h2o-3
Published: Thu, 23 Apr 2026 10:16:17 +0000
CVE ID :CVE-2026-3960
Published : April 23, 2026, 10:16 a.m. | 3 hours, 9 minutes ago
Description :A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist mechanism, which only targets MySQL JDBC driver-specific dangerous parameters. An attacker can bypass these controls by switching the JDBC URL protocol to jdbc:postgresql: and exploiting PostgreSQL JDBC driver-specific parameters such as socketFactory and socketFactoryArg. This allows unauthenticated attackers to execute arbitrary code on the H2O-3 server with the privileges of the H2O-3 process. The issue is resolved in version 3.46.0.10.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3259 - Sensitive Data Disclosure in BigQuery via Materialized View Error Messages
Published: Thu, 23 Apr 2026 10:16:16 +0000
CVE ID :CVE-2026-3259
Published : April 23, 2026, 10:16 a.m. | 3 hours, 9 minutes ago
Description :A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error during the refresh process.
This vulnerability was patched on 29 January 2026, and no customer action is needed.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-41564 - CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking
Published: Thu, 23 Apr 2026 08:16:01 +0000
CVE ID :CVE-2026-41564
Published : April 23, 2026, 8:16 a.m. | 5 hours, 10 minutes ago
Description :CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking.
The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A Crypt::PK::* object created before `fork()` shares byte-identical PRNG state with every child process, and any randomized operation they perform can produce identical output, including key generation. Two ECDSA or DSA signatures from different processes are enough to recover the signing private key through nonce-reuse key recovery.
This affects preforking services such as the Starman web server, where a Crypt::PK::* object loaded at startup is inherited by every worker process.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-4512 - WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS
Published: Thu, 23 Apr 2026 07:16:41 +0000
CVE ID :CVE-2026-4512
Published : April 23, 2026, 7:16 a.m. | 6 hours, 9 minutes ago
Description :The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptcha_js() function. This allows administrators on multisite installations (who do not have the unfiltered_html capability) to inject arbitrary JavaScript that executes for all visitors to the WordPress login page.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-4106 - HT Mega < 3.0.7 – Unauthenticated PII Disclosure
Published: Thu, 23 Apr 2026 07:16:41 +0000
CVE ID :CVE-2026-4106
Published : April 23, 2026, 7:16 a.m. | 6 hours, 9 minutes ago
Description :The HT Mega Addons for Elementor WordPress plugin before 3.0.7 contains an unauthenticated AJAX action returning some PII (such as full name, city, state and country) of customers who placed orders in the last 7 days
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-41040 - GROWI ReDoS Denial of Service
Published: Thu, 23 Apr 2026 07:16:41 +0000
CVE ID :CVE-2026-41040
Published : April 23, 2026, 7:16 a.m. | 6 hours, 9 minutes ago
Description :GROWI provided by GROWI, Inc. is vulnerable to a regular expression denial of service (ReDoS) via a crafted input string.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-34488 - IP Setting Software DLL Search Path Insecure Library Loading Vulnerability
Published: Thu, 23 Apr 2026 07:16:40 +0000
CVE ID :CVE-2026-34488
Published : April 23, 2026, 7:16 a.m. | 6 hours, 9 minutes ago
Description :IP Setting Software contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with administrative privileges.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10549 - DLL Hijacking in EfficientLab Controlio Leads to Local Privilege Escalation
Published: Thu, 23 Apr 2026 07:16:39 +0000
CVE ID :CVE-2025-10549
Published : April 23, 2026, 7:16 a.m. | 6 hours, 9 minutes ago
Description :EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected service runs as NT AUTHORITY\SYSTEM.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-41990 - Libgcrypt Dilithium Signature Validation Buffer Overflow
Published: Thu, 23 Apr 2026 05:16:05 +0000
CVE ID :CVE-2026-41990
Published : April 23, 2026, 5:16 a.m. | 8 hours, 10 minutes ago
Description :Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-41989 - Libgcrypt Cryptographic Buffer Overflow Denial of Service
Published: Thu, 23 Apr 2026 05:16:05 +0000
CVE ID :CVE-2026-41989
Published : April 23, 2026, 5:16 a.m. | 8 hours, 10 minutes ago
Description :Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-41988 - Apache UUID Unexpected Write Vulnerability
Published: Thu, 23 Apr 2026 05:16:05 +0000
CVE ID :CVE-2026-41988
Published : April 23, 2026, 5:16 a.m. | 8 hours, 10 minutes ago
Description :uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue.
Severity: 3.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-41233 - Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add()
Published: Thu, 23 Apr 2026 05:16:05 +0000
CVE ID :CVE-2026-41233
Published : April 23, 2026, 5:16 a.m. | 8 hours, 10 minutes ago
Description :Froxlor is open source server administration software. Prior to version 2.3.6, in `Domains.add()`, the `adminid` parameter is accepted from user input and used without validation when the calling reseller does not have the `customers_see_all` permission. This allows a reseller to attribute newly created domains to any other admin, bypassing their own domain quota (since the wrong admin's `domains_used` counter is incremented) and potentially exhausting another admin's quota. Version 2.3.6 fixes the issue.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
