|
31
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function delete_supplier of the file /ajax.php?action=delete_supplier. Such manipulation of …
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7392
|
2026-04-30 02:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
32
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save_supplier of the file /ajax.php?action=save_supplier. This manipulation of the argument …
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7391
|
2026-04-30 02:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
33
|
- |
|
-
|
-
|
Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption.
The Parse, print, get…
New
|
CWE-416
CWE-825
Use After Free
Expired Pointer Dereference
|
CVE-2026-7111
|
2026-04-30 02:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
34
|
6.3 |
MEDIUM
Network
|
-
|
-
|
An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect h…
New
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-6915
|
2026-04-30 02:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
35
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server.
This issue affects all MongoDB Server v8.2 versions, all MongoDB Serv…
New
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-6914
|
2026-04-30 02:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
36
|
4.9 |
MEDIUM
Network
|
-
|
-
|
A post-authentication Stack-based Buffer Overflow vulnerabilities in SonicOS allows a remote attacker to crash a firewall.
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-0206
|
2026-04-30 02:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
37
|
6.8 |
MEDIUM
Adjacent
|
-
|
-
|
A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.
New
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2026-0205
|
2026-04-30 02:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
38
|
8.0 |
HIGH
Adjacent
|
-
|
-
|
A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.
New
|
CWE-306
CWE-1390
Missing Authentication for Critical Function
Weak Authentication
|
CVE-2026-0204
|
2026-04-30 02:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
39
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 and fixed in v.7.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the virtual…
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-56537
|
2026-04-30 02:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
40
|
6.1 |
MEDIUM
Network
|
-
|
-
|
A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter.
New
|
CWE-79
Cross-site Scripting
|
CVE-2025-56536
|
2026-04-30 02:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
