|
861
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security…
|
CWE-307
CWE-362
CWE-367
mproper Restriction of Excessive Authentication Attempts
Race Condition
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-26206
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
862
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in print_hex_string() i…
|
CWE-121
CWE-400
Stack-based Buffer Overflow
Uncontrolled Resource Consumption
|
CVE-2026-28221
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
863
|
9.0 |
CRITICAL
Network
|
-
|
-
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchroniz…
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-30893
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
864
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient se…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2018-25317
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
865
|
7.4 |
HIGH
Network
|
-
|
-
|
Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers.
This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C.
This issue affects …
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42799
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
866
|
7.4 |
HIGH
Network
|
-
|
-
|
NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation.
This vulnerability is associated with program files sip/utils/src/s…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-42800
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
867
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerability in MeWare Software Development Inc. PDKS allows Excavation.…
|
CWE-200
CWE-359
Information Exposure
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2026-7382
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
868
|
8.1 |
HIGH
Network
|
-
|
-
|
Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse.
This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7399
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
869
|
8.1 |
HIGH
Network
|
-
|
-
|
Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding.
This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.
|
CWE-799
Improper Control of Interaction Frequency
|
CVE-2026-7402
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
870
|
7.5 |
HIGH
Network
|
frappe
|
press
|
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS).`press.api.account.create_api_secret` is prone to CSRF-like expl…
|
CWE-352
Origin Validation Error
|
CVE-2026-41317
|
2026-04-30 23:53 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
