|
3881
|
8.8 |
HIGH
Network
|
tenda
|
f456_firmware
|
A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argum…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7098
|
2026-04-30 23:03 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3882
|
8.8 |
HIGH
Network
|
tenda
|
f456_firmware
|
A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can …
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7029
|
2026-04-30 23:03 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3883
|
8.5 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.8 contains a server-side request forgery vulnerability in QQ Bot media download paths that bypass SSRF protection. Attackers can exploit unprotected media fetch endpoints to ac…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41914
|
2026-04-30 23:02 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3884
|
7.5 |
HIGH
Network
|
vmware
|
spring_boot
|
Values produced by ${random.value} are not suitable for use as secrets. ${random.uuid} is not affected. ${random.int} and ${random.long} should never be used for secrets as they are numeric values wi…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2026-40975
|
2026-04-30 22:57 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3885
|
9.1 |
CRITICAL
Network
|
vmware
|
spring_boot
|
In certain circumstances, Spring Boot's default web security is ineffective allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web applica…
|
CWE-862
Missing Authorization
|
CVE-2026-40976
|
2026-04-30 22:54 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3886
|
6.7 |
MEDIUM
Local
|
vmware
|
spring_boot
|
When an application is configured to use `ApplicationPidFileWriter`, a local attacker with write access to the PID file's location can corrupt one file on the host each time the application is starte…
|
CWE-59
Link Following
|
CVE-2026-40977
|
2026-04-30 22:37 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3887
|
8.8 |
HIGH
Network
|
vmware
|
spring_grpc
|
When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the …
|
CWE-653
Improper Isolation or Compartmentalization
|
CVE-2026-40968
|
2026-04-30 22:32 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3888
|
8.8 |
HIGH
Network
|
dlink
|
dir-825m_firmware
|
A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads …
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7288
|
2026-04-30 22:27 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3889
|
5.3 |
MEDIUM
Network
|
vmware
|
spring_grpc
|
The raw message of every server-side AuthenticationException is returned to the unauthenticated remote caller in the gRPC status description. This allows an attacker to obtain information about the a…
|
CWE-209
Information Exposure Through an Error Message
|
CVE-2026-40969
|
2026-04-30 22:24 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3890
|
8.8 |
HIGH
Network
|
dlink
|
dir-825m_firmware
|
A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer o…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7289
|
2026-04-30 22:19 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
