Common Vulnerabilities and Exposures (CVE)

CVE-2026-39669

Apr 23, 2026 11:35:06 UTC

Missing Authorization vulnerability in NitroPack allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NitroPack: from n/a through 1.19.3.

CVE-2026-31532

Apr 23, 2026 11:12:44 UTC

In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-after-free in raw_rcv() raw_release() unregisters raw CAN receive filters via can_rx_unregister(), but receiver deletion is deferred with call_...

CVE-2026-31531

Apr 23, 2026 11:12:44 UTC

In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop() When querying a nexthop object via RTM_GETNEXTHOP, the kernel currently allocates a fixed-size skb using NLMS...

CVE-2025-62110

Apr 23, 2026 11:05:07 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a through 3.3.

CVE-2025-62104

Apr 23, 2026 11:02:06 UTC

Missing Authorization vulnerability in Navneil Naicker ACF Galerie 4 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ACF Galerie 4: from n/a through 1.4.2.

CVE-2026-28040

Apr 23, 2026 11:00:04 UTC

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Stored XSS.This issue affects Taxi Booking Manager for WooCommerce: from n/a t...

CVE-2026-21733

Apr 23, 2026 10:52:18 UTC

Vulnerability in Imagination Technologies Graphics DDK on Linux, Android --  RESERVED

CVE-2026-4878

Apr 23, 2026 10:43:32 UTC

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capa...

CVE-2026-6903

Apr 23, 2026 09:45:06 UTC

The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that ...

CVE-2026-41564

Apr 23, 2026 09:33:41 UTC

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in...

CVE-2026-6887

Apr 23, 2026 09:31:41 UTC

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

CVE-2026-6886

Apr 23, 2026 09:26:09 UTC

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has a Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user.

CVE-2026-6885

Apr 23, 2026 09:05:06 UTC

Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code ex...

CVE-2026-3960

Apr 23, 2026 08:47:48 UTC

A critical remote code execution vulnerability exists in the unauthenticated REST API endpoint /99/ImportSQLTable in H2O-3 version 3.46.0.9 and prior. The vulnerability arises due to insufficient security controls in the parameter blacklist...

CVE-2026-3259

Apr 23, 2026 08:35:04 UTC

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a ...