| 21 | 7.5 | HIGH Network | - | - | A NULL pointer dereference vulnerability exists in fio (Flexible I/O Tester) v3.41 when parsing job files containing the fdp_pli option. The callback function str_fdp_pli_cb() does not validate the i… | New | CWE-476 NULL Pointer Dereference | CVE-2026-30656 | 2026-04-17 03:16 | 2026-04-17 |
| 22 | - | | - | - | A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a… | New | CWE-331 Insufficient Entropy | CVE-2026-2336 | 2026-04-17 03:16 | 2026-04-17 |
| 23 | - | | - | - | zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The z… | New | CWE-120 Classic Buffer Overflow; CWE-131 Incorrect Calculation of Buffer Size | CVE-2026-27820 | 2026-04-17 03:16 | 2026-04-17 |
| 24 | 5.3 | MEDIUM Network | - | - | The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile… | New | CWE-863 Incorrect Authorization | CVE-2026-24749 | 2026-04-17 03:16 | 2026-04-17 |
| 25 | 4.1 | MEDIUM Local | - | - | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially explo… | New | CWE-754 Improper Check for Unusual or Exceptional Conditions | CVE-2025-43883 | 2026-04-17 03:16 | 2026-04-17 |
| 26 | 6.8 | MEDIUM Physical | samsung | android | Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions. | New | NVD-CWE-noinfo | CVE-2026-21003 | 2026-04-17 02:25 | 2026-04-13 |
| 27 | 5.5 | MEDIUM Local | samsung | galaxy_wearable | Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information. | New | CWE-276 Incorrect Default Permissions | CVE-2026-21013 | 2026-04-17 02:24 | 2026-04-13 |
| 28 | 2.8 | LOW Local | samsung | camera | Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability. | New | NVD-CWE-noinfo | CVE-2026-21014 | 2026-04-17 02:23 | 2026-04-13 |
| 29 | 2.9 | LOW Local | - | - | libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. | New | CWE-331 Insufficient Entropy | CVE-2026-41080 | 2026-04-17 02:16 | 2026-04-17 |
| 30 | 9.4 | CRITICAL Network | - | - | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php. | New | CWE-89 SQL Injection | CVE-2026-37338 | 2026-04-17 02:16 | 2026-04-17 |