|
1011
|
7.1 |
HIGH
Local
|
foxit
|
pdf_editor
pdf_reader
|
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during inte…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-5941
|
2026-04-30 02:24 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1012
|
5.5 |
MEDIUM
Local
|
foxit
|
pdf_editor
pdf_reader
|
Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program.
|
CWE-416
Use After Free
|
CVE-2026-5942
|
2026-04-30 02:18 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1013
|
7.8 |
HIGH
Local
|
foxit
|
pdf_editor
pdf_reader
|
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not pro…
|
CWE-416
Use After Free
|
CVE-2026-5943
|
2026-04-30 02:18 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1014
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performin…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7393
|
2026-04-30 02:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1015
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function delete_supplier of the file /ajax.php?action=delete_supplier. Such manipulation of …
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7392
|
2026-04-30 02:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1016
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save_supplier of the file /ajax.php?action=save_supplier. This manipulation of the argument …
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7391
|
2026-04-30 02:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1017
|
6.1 |
MEDIUM
Local
|
artifex
|
mupdf
|
A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulatio…
|
CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Read
|
CVE-2026-7233
|
2026-04-30 02:15 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1018
|
5.3 |
MEDIUM
Local
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit appro…
|
CWE-184
Incomplete Blacklist
|
CVE-2026-41332
|
2026-04-30 02:10 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1019
|
4.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths…
|
CWE-497
Exposure of Sensitive System Information to an Unauthorized Control Sphere
|
CVE-2026-41339
|
2026-04-30 02:06 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1020
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: validate EaNameLength in smb2_get_ea()
smb2_get_ea() reads ea_req->EaNameLength from the client request and
passes it dire…
|
NVD-CWE-noinfo
|
CVE-2026-31612
|
2026-04-30 02:00 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
