|
381
|
5.6 |
MEDIUM
Local
|
huawei
|
harmonyos
|
Double free vulnerability in the multi-mode input system.
Impact: Successful exploitation of this vulnerability may affect availability.
|
CWE-415
Double Free
|
CVE-2026-34867
|
2026-04-18 04:24 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
382
|
3.5 |
LOW
Network
|
heatmiser
|
wifi_thermostat
|
Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious r…
|
CWE-352
Origin Validation Error
|
CVE-2019-25708
|
2026-04-18 04:17 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
383
|
7.1 |
HIGH
Network
|
ebrigade
|
ebrigade
|
eBrigade ERP 4.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can sen…
|
CWE-89
SQL Injection
|
CVE-2019-25707
|
2026-04-18 04:17 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
384
|
7.8 |
HIGH
Local
|
interference-security
|
echo_mirage
|
Echo Mirage 3.1 contains a stack buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized string in the Rules action fiel…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-25705
|
2026-04-18 04:16 |
2026-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
385
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creati…
|
CWE-88
Argument Injection
|
CVE-2026-6437
|
2026-04-18 04:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
386
|
9.1 |
CRITICAL
Network
|
-
|
-
|
OpenViking prior to commit c7bb167 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration…
|
CWE-636
Not Failing Securely ('Failing Open')
|
CVE-2026-40525
|
2026-04-18 04:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
387
|
7.5 |
HIGH
Network
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when deserializing a slice packet, the xdr_datum() function does not validate that a cs…
|
CWE-120
CWE-502
Classic Buffer Overflow
Deserialization of Untrusted Data
|
CVE-2026-33337
|
2026-04-18 04:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
388
|
- |
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the ClumpletReader::getClumpletSize() function can overflow the totalLength value when …
|
CWE-190
CWE-835
Integer Overflow or Wraparound
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-28214
|
2026-04-18 04:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
389
|
7.5 |
HIGH
Network
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared stru…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-28212
|
2026-04-18 04:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
390
|
8.2 |
HIGH
Network
|
-
|
-
|
Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes s…
|
CWE-119
CWE-787
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Write
|
CVE-2026-27890
|
2026-04-18 04:16 |
2026-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
