Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Vulnerability List - Page 35

CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2026-3960 Remote Code Execution in h2oai/h2o-3 h2oaih2oai/h2o-3--2026-04-23 08:47:49 Deep Dive
CVE-2026-3259 Sensitive Data Disclosure in BigQuery via Materialized View Error Messages Google CloudBigQuery--2026-04-23 08:35:04 Deep Dive
CVE-2026-5464 ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process smubExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) High 7.2 2026-04-23 08:28:26 Deep Dive
CVE-2026-41564 CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking MIKCryptX--2026-04-23 07:29:26 Deep Dive
CVE-2026-41040 GROWI 安全漏洞 GROWI, Inc.GROWI--2026-04-23 06:59:38 Deep Dive
CVE-2025-10549 DLL Hijacking in EfficientLab Controlio Leads to Local Privilege Escalation EfficientLab, LLCControlio--2026-04-23 06:57:27 Deep Dive
CVE-2026-34488 i-PRO IP Setting Software 代码问题漏洞 i-PRO Co., Ltd.IP Setting Software--2026-04-23 06:17:14 Deep Dive
CVE-2026-4512 WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS UnknownreCaptcha by WebDesignBy--2026-04-23 06:00:09 Deep Dive
CVE-2026-4106 HT Mega < 3.0.7 – Unauthenticated PII Disclosure UnknownHT Mega Addons for Elementor--2026-04-23 06:00:06 Deep Dive
CVE-2026-41990 Libgcrypt 缓冲区错误漏洞 gnupgLibgcrypt Medium 4.0 2026-04-23 04:39:05 Deep Dive
CVE-2026-41989 Libgcrypt 缓冲区错误漏洞 gnupgLibgcrypt Medium 6.7 2026-04-23 04:30:26 Deep Dive
CVE-2026-40529 KANATA CMS ALAYA SQL注入漏洞 KANATA LimitedCMS ALAYA--2026-04-23 04:15:33 Deep Dive
CVE-2026-41988 uuid 安全漏洞 uuidjsuuid Low 3.2 2026-04-23 04:00:55 Deep Dive
CVE-2026-41233 Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add() froxlorfroxlor Medium 5.4 2026-04-23 04:00:19 Deep Dive
CVE-2026-41232 Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index that Allows Cross-Customer Email Spoofing froxlorfroxlor Medium 5.0 2026-04-23 03:54:56 Deep Dive
CVE-2026-41231 Froxlor has Incomplete Symlink Validation in DataDump.add() that Allows Arbitrary Directory Ownership Takeover via Cron froxlorfroxlor High 7.5 2026-04-23 03:52:43 Deep Dive
CVE-2026-41230 Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add() froxlorfroxlor High 8.5 2026-04-23 03:47:11 Deep Dive
CVE-2026-41229 Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API) froxlorfroxlor Critical 9.1 2026-04-23 03:44:26 Deep Dive
CVE-2026-41228 Froxlor has Local File Inclusion via path traversal in API `def_language` parameter that leads to Remote Code Execution froxlorfroxlor Critical 9.9 2026-04-23 03:41:47 Deep Dive
CVE-2026-3361 WP Store Locator <= 2.2.261 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta tijmensmitWP Store Locator Medium 6.4 2026-04-23 03:26:37 Deep Dive