| 581 | 6.5 | MEDIUM Network | - | - | A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability i… | Update | CWE-190 Integer Overflow or Wraparound | CVE-2026-6385 | 2026-04-18 00:17 | 2026-04-16 |
| 582 | - | | - | - | Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using R… | Update | CWE-326 Inadequate Encryption Strength | CVE-2026-5363 | 2026-04-18 00:17 | 2026-04-16 |
| 583 | - | | - | - | An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources duri… | Update | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition | CVE-2026-1880 | 2026-04-18 00:17 | 2026-04-16 |
| 584 | - | | - | - | A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center(华硕大厅) allows a local user to achieve privilege escalation to Administrator via exploitation of a T… | Update | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition; CWE-494 Download of Code Without Integrity Check | CVE-2026-3428 | 2026-04-18 00:17 | 2026-04-16 |
| 585 | 7.3 | HIGH Local | - | - | Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially e… | Update | CWE-269 Improper Privilege Management | CVE-2026-23772 | 2026-04-18 00:17 | 2026-04-16 |
| 586 | - | | - | - | Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication | Update | CWE-522 Insufficiently Protected Credentials | CVE-2025-15621 | 2026-04-18 00:17 | 2026-04-16 |
| 587 | 5.9 | MEDIUM Network | - | - | @fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows … | Update | CWE-177 Improper Handling of URL Encoding (Hex Encoding) | CVE-2026-6414 | 2026-04-18 00:17 | 2026-04-16 |
| 588 | 8.1 | HIGH Network | - | - | Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module. | Update | CWE-89 SQL Injection | CVE-2026-5785 | 2026-04-18 00:17 | 2026-04-16 |
| 589 | 9.1 | CRITICAL Network | - | - | @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent s… | Update | CWE-436 Interpretation Conflict | CVE-2026-6270 | 2026-04-18 00:17 | 2026-04-16 |
| 590 | 5.3 | MEDIUM Network | - | - | @fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled via the list option. The dirList.path() function resolves directories outside the configured static… | Update | CWE-22 Path Traversal | CVE-2026-6410 | 2026-04-18 00:17 | 2026-04-16 |