|
701
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix off-by-8 bounds check in check_wsl_eas()
The bounds check uses (u8 *)ea + nlen + 1 + vlen as the end of the EA
n…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-31614
|
2026-04-30 03:03 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
702
|
8.8 |
HIGH
Network
|
tenda
|
f456_firmware
|
A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Re…
Update
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7101
|
2026-04-30 02:42 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
703
|
8.8 |
HIGH
Network
|
tenda
|
f456_firmware
|
A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in comm…
Update
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7102
|
2026-04-30 02:41 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
704
|
5.5 |
MEDIUM
Local
|
foxit
|
pdf_editor
pdf_reader
|
Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate.
Update
|
CWE-248
Uncaught Exception
|
CVE-2026-5937
|
2026-04-30 02:31 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
705
|
5.5 |
MEDIUM
Local
|
foxit
|
pdf_editor
pdf_reader
|
Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service.
Update
|
CWE-691
Insufficient Control Flow Management
|
CVE-2026-5938
|
2026-04-30 02:29 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
706
|
5.5 |
MEDIUM
Local
|
foxit
|
pdf_editor
pdf_reader
|
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.
Update
|
CWE-416
Use After Free
|
CVE-2026-5939
|
2026-04-30 02:28 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
707
|
5.5 |
MEDIUM
Local
|
foxit
|
pdf_editor
pdf_reader
|
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.
Update
|
CWE-416
Use After Free
|
CVE-2026-5940
|
2026-04-30 02:26 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
708
|
7.1 |
HIGH
Local
|
foxit
|
pdf_editor
pdf_reader
|
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during inte…
Update
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-5941
|
2026-04-30 02:24 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
709
|
5.5 |
MEDIUM
Local
|
foxit
|
pdf_editor
pdf_reader
|
Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program.
Update
|
CWE-416
Use After Free
|
CVE-2026-5942
|
2026-04-30 02:18 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
710
|
7.8 |
HIGH
Local
|
foxit
|
pdf_editor
pdf_reader
|
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not pro…
Update
|
CWE-416
Use After Free
|
CVE-2026-5943
|
2026-04-30 02:18 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
