|
691
|
5.9 |
MEDIUM
Network
|
-
|
-
|
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparoun…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-33900
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
692
|
3.5 |
LOW
Network
|
-
|
-
|
EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery (SS…
|
CWE-367
CWE-918
Time-of-check Time-of-use (TOCTOU) Race Condition
Server-Side Request Forgery (SSRF)
|
CVE-2026-33659
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
693
|
5.4 |
MEDIUM
Network
|
-
|
-
|
EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vuln…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-33740
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
694
|
7.5 |
HIGH
Network
|
-
|
-
|
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that cou…
|
CWE-122
CWE-787
Heap-based Buffer Overflow
Out-of-bounds Write
|
CVE-2026-33901
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
695
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code exe…
|
CWE-22
Path Traversal
|
CVE-2026-22562
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
696
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network.
Affected Products:
UniFi Play PowerAmp (Version 1.0…
|
CWE-20
Improper Input Validation
|
CVE-2026-22563
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
697
|
9.8 |
CRITICAL
Network
|
-
|
-
|
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system.
Affected Products:
UniFi Play…
|
CWE-284
Improper Access Control
|
CVE-2026-22564
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
698
|
7.5 |
HIGH
Network
|
-
|
-
|
An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding.
Affected Products:
UniFi Play PowerAmp (Versi…
|
CWE-20
Improper Input Validation
|
CVE-2026-22565
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
699
|
7.5 |
HIGH
Network
|
-
|
-
|
An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials.
Affected Products:
UniFi Play PowerAmp (Version …
|
CWE-284
Improper Access Control
|
CVE-2026-22566
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
700
|
5.5 |
MEDIUM
Local
|
-
|
-
|
ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expres…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-33902
|
2026-04-18 00:26 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
