|
1391
|
8.8 |
HIGH
Network
|
langflow
|
langflow
|
IBM Langflow Desktop 1.6.0 through 1.8.2 Langflow could allow an authenticated user to execute arbitrary code on the system, caused by an insecure default setting which permits the deserialization of…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-3357
|
2026-04-15 06:28 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1392
|
7.5 |
HIGH
Network
|
huawei
|
harmonyos
emui
|
Vulnerability of improper permission control in the theme setting module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
CWE-275
Permission Issues
|
CVE-2026-28553
|
2026-04-15 06:16 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1393
|
9.6 |
CRITICAL
Network
|
hpe
|
aruba_networking_private_5g_core
|
A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the l…
|
CWE-601
Open Redirect
|
CVE-2026-23818
|
2026-04-15 06:15 |
2026-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1394
|
8.8 |
HIGH
Network
|
aster-te
|
terrapack_tkservercgi
terrapack_tkwebcoreng
terrapack_tpkwebgis
|
The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable compon…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2025-67260
|
2026-04-15 05:54 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1395
|
8.8 |
HIGH
Network
|
aster-te
|
terrapack_tkservercgi
terrapack_tkwebcoreng
terrapack_tpkwebgis
|
El software Terrapack, de ASTER TEC / ASTER S.p.A., con los componentes y versiones indicados tiene una vulnerabilidad de carga de archivos que puede permitir a los atacantes ejecutar código arbitrar…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2025-67260
|
2026-04-15 05:54 |
2026-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1396
|
9.8 |
CRITICAL
Network
|
anolis
|
sysak
|
SysAK v2.0 and before is vulnerable to command execution via aaa;cat /etc/passwd.
|
CWE-94
Code Injection
|
CVE-2024-44722
|
2026-04-15 05:48 |
2026-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1397
|
9.8 |
CRITICAL
Network
|
anolis
|
sysak
|
SysAK v2.0 y versiones anteriores son vulnerables a la ejecución de comandos a través de «aaa;cat /etc /passwd».
|
CWE-94
Code Injection
|
CVE-2024-44722
|
2026-04-15 05:48 |
2026-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1398
|
7.5 |
HIGH
Network
|
microsoft
|
.net
|
ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorre…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-25667
|
2026-04-15 05:47 |
2026-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1399
|
7.5 |
HIGH
Network
|
microsoft
|
.net
|
ASP.NET Core Kestrel en Microsoft .NET 8.0 antes de 8.0.22 y .NET 9.0 antes de 9.0.11 permite a un atacante remoto causar un consumo excesivo de CPU mediante el envío de un paquete QUIC manipulado, d…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-25667
|
2026-04-15 05:47 |
2026-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1400
|
7.1 |
HIGH
Local
|
libexif_project
|
libexif
|
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-40386
|
2026-04-15 05:43 |
2026-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
