|
131
|
7.7 |
HIGH
Local
|
-
|
-
|
Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at s…
New
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-32324
|
2026-04-18 05:16 |
2026-04-18 |
|
|
|
|
132
|
8.8 |
HIGH
Local
|
-
|
-
|
xrdp is an open source RDP server. In versions through 0.10.5, the session execution component did not properly handle an error during the privilege drop process. This improper privilege management c…
New
|
CWE-273
Improper Check for Dropped Privileges
|
CVE-2026-32107
|
2026-04-18 05:16 |
2026-04-18 |
|
|
|
|
133
|
- |
|
-
|
-
|
xrdp is an open source RDP server. In versions through 0.10.5, xrdp does not implement verification for the Message Authentication Code (MAC) signature of encrypted RDP packets when using the "Classi…
New
|
CWE-354
Improper Validation of Integrity Check Value
|
CVE-2026-32105
|
2026-04-18 05:16 |
2026-04-18 |
|
|
|
|
134
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with deb…
New
|
CWE-23
Relative Path Traversal
|
CVE-2026-31927
|
2026-04-18 05:16 |
2026-04-18 |
|
|
|
|
135
|
8.2 |
HIGH
Network
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an op_crypt_key_callback packet without prior authentication, …
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-28224
|
2026-04-18 05:16 |
2026-04-18 |
|
|
|
|
136
|
5.1 |
MEDIUM
Local
|
huawei
|
harmonyos
|
Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-34866
|
2026-04-18 04:26 |
2026-04-13 |
|
|
|
|
137
|
9.1 |
CRITICAL
Network
|
huawei
|
harmonyos
|
Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-34865
|
2026-04-18 04:25 |
2026-04-13 |
|
|
|
|
138
|
5.7 |
MEDIUM
Local
|
huawei
|
harmonyos emui
|
Out-of-bounds write vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-34855
|
2026-04-18 04:25 |
2026-04-13 |
|
|
|
|
139
|
5.6 |
MEDIUM
Local
|
huawei
|
harmonyos
|
Double free vulnerability in the multi-mode input system. Impact: Successful exploitation of this vulnerability may affect availability.
Update
|
CWE-415
Double Free
|
CVE-2026-34867
|
2026-04-18 04:24 |
2026-04-13 |
|
|
|
|
140
|
3.5 |
LOW
Network
|
heatmiser
|
wifi_thermostat
|
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious r…
Update
|
CWE-352
Origin Validation Error
|
CVE-2019-25708
|
2026-04-18 04:17 |
2026-04-12 |
|
|
|