|
491
|
7.5 |
HIGH
Network
|
-
|
-
|
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that cou…
Update
|
CWE-122
CWE-787
Heap-based Buffer Overflow
Out-of-bounds Write
|
CVE-2026-33901
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
492
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code exe…
Update
|
CWE-22
Path Traversal
|
CVE-2026-22562
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
493
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network.
Affected Products:
UniFi Play PowerAmp (Version 1.0…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-22563
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
494
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.
Affected Products:
UniFi Play…
Update
|
CWE-284
Improper Access Control
|
CVE-2026-22564
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
495
|
7.5 |
HIGH
Network
|
-
|
-
|
An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding.
Affected Products:
UniFi Play PowerAmp (Versi…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-22565
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
496
|
7.5 |
HIGH
Network
|
-
|
-
|
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials.
Affected Products:
UniFi Play PowerAmp (Version …
Update
|
CWE-284
Improper Access Control
|
CVE-2026-22566
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
497
|
5.5 |
MEDIUM
Local
|
-
|
-
|
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expres…
Update
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-33902
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
498
|
5.5 |
MEDIUM
Local
|
-
|
-
|
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an s…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-33905
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
499
|
7.5 |
HIGH
Network
|
-
|
-
|
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyX…
Update
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-33908
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
500
|
6.2 |
MEDIUM
Local
|
-
|
-
|
jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in jq's src/jv_aux.c use unbounded recursion whose depth is controlled by…
Update
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-33947
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
