| 361 | 6.1 | MEDIUM | Local | vmware | spring_ai | In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5) | New | CWE-377 Insecure Temporary File | CVE-2026-40979 | 2026-04-30 03:16 | 2026-04-28 |
| 362 | 5.3 | MEDIUM | Network | - | - | A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Ad… | New | CWE-22 Path Traversal | CVE-2026-7396 | 2026-04-30 03:16 | 2026-04-30 |
| 363 | 4.7 | MEDIUM | Network | - | - | A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view_order.php of the component GET Parame… | New | CWE-74 Injection; CWE-89 SQL Injection | CVE-2026-7394 | 2026-04-30 03:16 | 2026-04-30 |
| 364 | 8.6 | HIGH | Network | - | - | A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could ca… | Update | CWE-130 Improper Handling of Length Parameter Inconsistency | CVE-2026-5367 | 2026-04-30 03:16 | 2026-04-24 |
| 365 | 6.5 | MEDIUM | Network | vmware | spring_ai | In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`. Affected versions: Spring AI: 1.0.0 - 1.… | New | CWE-400 Uncontrolled Resource Consumption | CVE-2026-40980 | 2026-04-30 03:15 | 2026-04-28 |
| 366 | 7.1 | HIGH | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in check_wsl_eas() The bounds check uses (u8 *)ea + nlen + 1 + vlen as the end of the EA n… | Update | CWE-125 Out-of-bounds Read | CVE-2026-31614 | 2026-04-30 03:03 | 2026-04-25 |
| 367 | 8.8 | HIGH | Network | tenda | f456_firmware | A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Re… | New | CWE-119 Incorrect Access of Indexable Resource ('Range Error'); CWE-120 Classic Buffer Overflow | CVE-2026-7101 | 2026-04-30 02:42 | 2026-04-27 |
| 368 | 8.8 | HIGH | Network | tenda | f456_firmware | A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in comm… | New | CWE-74 Injection; CWE-77 Command Injection | CVE-2026-7102 | 2026-04-30 02:41 | 2026-04-27 |
| 369 | 5.5 | MEDIUM | Local | foxit | pdf_editor pdf_reader | Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate. | New | CWE-248 Uncaught Exception | CVE-2026-5937 | 2026-04-30 02:31 | 2026-04-27 |
| 370 | 5.5 | MEDIUM | Local | foxit | pdf_editor pdf_reader | Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service. | New | CWE-691 Insufficient Control Flow Management | CVE-2026-5938 | 2026-04-30 02:29 | 2026-04-27 |