2026-04-05 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
|---|---|---|---|---|---|---|---|
| CVE-2026-35616 | Fortinet - FortiClientEMS | An improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. | CVSS3.1: 9.1 - CRITICAL | 0 | Exploitation: none; Automatable: yes; Technical Impact: total | | github |
| CVE-2020-37216 | Belden - Hirschmann HiOS | Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable. | CVSS3.1: 7.5 - HIGH; CVSS4.0: 8.7 - HIGH | 0 1 | Exploitation: none; Automatable: yes; Technical Impact: partial | Hirschmann HiOS EtherNet/IP Stack Denial of Service | github |
| CVE-2026-22815 | aio-libs - aiohttp | AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4. | CVSS4.0: 6.9 - MEDIUM; CVSS3.1: 7.5 - HIGH | 0 1 2 | Exploitation: none; Automatable: yes; Technical Impact: partial | AIOHTTP: Uncapped memory usage possible through aiohttp allowing unlimited trailer headers | github |
This post is licensed under CC BY 4.0 by the author.