|
1541
|
6.5 |
MEDIUM
Network
|
technitium
|
dnsserver
|
Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation.
|
CWE-684
Incorrect Provision of Specified Functionality
|
CVE-2026-42255
|
2026-04-30 03:54 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1542
|
8.8 |
HIGH
Network
|
tenda
|
f456_firmware
|
A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads …
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7019
|
2026-04-30 03:44 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1543
|
8.8 |
HIGH
Network
|
tenda
|
f456_firmware
|
A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7031
|
2026-04-30 03:29 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1544
|
8.8 |
HIGH
Network
|
tenda
|
f456_firmware
|
A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack ca…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7032
|
2026-04-30 03:26 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1545
|
5.9 |
MEDIUM
Network
|
vmware
|
spring_ai
|
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conv…
|
CWE-284
Improper Access Control
|
CVE-2026-40966
|
2026-04-30 03:18 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1546
|
8.8 |
HIGH
Network
|
vmware
|
spring_ai
|
SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs.
Affected versions:
Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0…
|
CWE-89
SQL Injection
|
CVE-2026-40978
|
2026-04-30 03:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1547
|
6.1 |
MEDIUM
Local
|
vmware
|
spring_ai
|
In Spring AI, having access to a shared environment can expose the ONNX model used by the application.
Affected versions:
Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5)
|
CWE-377
Insecure Temporary File
|
CVE-2026-40979
|
2026-04-30 03:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1548
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Ad…
|
CWE-22
Path Traversal
|
CVE-2026-7396
|
2026-04-30 03:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1549
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view_order.php of the component GET Parame…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7394
|
2026-04-30 03:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1550
|
8.6 |
HIGH
Network
|
-
|
-
|
A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could ca…
|
CWE-130
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-5367
|
2026-04-30 03:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
