|
11
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view_order.php of the component GET Parame…
New
|
CWE-74, CWE-89
Injection; SQL Injection
|
CVE-2026-7394
|
2026-04-30 03:16 |
2026-04-30 |
|
|
|
|
12
|
8.0 |
HIGH
Network
|
-
|
-
|
This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-5712
|
2026-04-30 03:16 |
2026-04-30 |
|
|
|
|
13
|
8.6 |
HIGH
Network
|
-
|
-
|
A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could ca…
Update
|
CWE-130
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-5367
|
2026-04-30 03:16 |
2026-04-24 |
|
|
|
|
14
|
4.4 |
MEDIUM
Local
|
-
|
-
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, res…
New
|
CWE-124, CWE-191
Buffer Underflow; Integer Underflow (Wrap or Wraparound)
|
CVE-2026-26204
|
2026-04-30 03:16 |
2026-04-30 |
|
|
|
|
15
|
- |
|
-
|
-
|
DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing both the official DocsGPT website or any local and public deployment, can craft a …
New
|
CWE-77
Command Injection
|
CVE-2026-26015
|
2026-04-30 03:16 |
2026-04-30 |
|
|
|
|
16
|
6.5 |
MEDIUM
Network
|
vmware
|
spring_ai
|
In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`.
Affected versions:
Spring AI: 1.0.0 - 1.…
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-40980
|
2026-04-30 03:15 |
2026-04-28 |
|
|
|
|
17
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix off-by-8 bounds check in check_wsl_eas()
The bounds check uses (u8 *)ea + nlen + 1 + vlen as the end of the EA
n…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-31614
|
2026-04-30 03:03 |
2026-04-25 |
|
|
|
|
18
|
8.8 |
HIGH
Network
|
tenda
|
f456_firmware
|
A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argum…
New
|
CWE-119, CWE-120
Incorrect Access of Indexable Resource ('Range Error'); Classic Buffer Overflow
|
CVE-2026-7098
|
2026-04-30 02:55 |
2026-04-27 |
|
|
|
|
19
|
8.8 |
HIGH
Network
|
tenda
|
f456_firmware
|
A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argumen…
New
|
CWE-119, CWE-120
Incorrect Access of Indexable Resource ('Range Error'); Classic Buffer Overflow
|
CVE-2026-7099
|
2026-04-30 02:44 |
2026-04-27 |
|
|
|
|
20
|
8.8 |
HIGH
Network
|
tenda
|
f456_firmware
|
A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overf…
New
|
CWE-119, CWE-120
Incorrect Access of Indexable Resource ('Range Error'); Classic Buffer Overflow
|
CVE-2026-7100
|
2026-04-30 02:43 |
2026-04-27 |
|
|
|