|
81
|
7.5 |
HIGH
Network
|
-
|
-
|
An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding.
Affected Products:
UniFi Play PowerAmp (Versi…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-22565
|
2026-04-15 06:16 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
82
|
7.5 |
HIGH
Network
|
huawei
|
harmonyos
emui
|
Vulnerability of improper permission control in the theme setting module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
New
|
CWE-275
Permission Issues
|
CVE-2026-28553
|
2026-04-15 06:16 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
83
|
9.6 |
CRITICAL
Network
|
hpe
|
aruba_networking_private_5g_core
|
A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the l…
New
|
CWE-601
Open Redirect
|
CVE-2026-23818
|
2026-04-15 06:15 |
2026-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
84
|
8.8 |
HIGH
Network
|
aster-te
|
terrapack_tkservercgi
terrapack_tkwebcoreng
terrapack_tpkwebgis
|
The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable compon…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2025-67260
|
2026-04-15 05:54 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
85
|
8.8 |
HIGH
Network
|
aster-te
|
terrapack_tkservercgi
terrapack_tkwebcoreng
terrapack_tpkwebgis
|
El software Terrapack, de ASTER TEC / ASTER S.p.A., con los componentes y versiones indicados tiene una vulnerabilidad de carga de archivos que puede permitir a los atacantes ejecutar código arbitrar…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2025-67260
|
2026-04-15 05:54 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
86
|
9.8 |
CRITICAL
Network
|
anolis
|
sysak
|
SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd.
New
|
CWE-94
Code Injection
|
CVE-2024-44722
|
2026-04-15 05:48 |
2026-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
87
|
9.8 |
CRITICAL
Network
|
anolis
|
sysak
|
SysAK v2.0 y versiones anteriores son vulnerables a la ejecución de comandos a través de «aaa;cat /etc /passwd».
New
|
CWE-94
Code Injection
|
CVE-2024-44722
|
2026-04-15 05:48 |
2026-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
88
|
7.5 |
HIGH
Network
|
microsoft
|
.net
|
ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorre…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-25667
|
2026-04-15 05:47 |
2026-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
89
|
7.5 |
HIGH
Network
|
microsoft
|
.net
|
ASP.NET Core Kestrel en Microsoft .NET 8.0 antes de 8.0.22 y .NET 9.0 antes de 9.0.11 permite a un atacante remoto causar un consumo excesivo de CPU mediante el envío de un paquete QUIC manipulado, d…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-25667
|
2026-04-15 05:47 |
2026-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
90
|
7.1 |
HIGH
Local
|
libexif_project
|
libexif
|
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
New
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-40386
|
2026-04-15 05:43 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
