|
821
|
9.8 |
CRITICAL
Network
|
apache
|
mina
|
The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-41409
|
2026-04-30 04:08 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
822
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
staging: sm750fb: fix division by zero in ps_to_hz()
ps_to_hz() is called from hw_sm750_crtc_set_mode() without validating
that p…
|
CWE-369
Divide By Zero
|
CVE-2026-31603
|
2026-04-30 04:07 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
823
|
7.5 |
HIGH
Network
|
cesanta
|
mongoose
|
A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handle_opt of the file /src/net_builtin.c of the component TCP Option Handler. This manipulation…
|
CWE-404
CWE-835
Improper Resource Shutdown or Release
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-6985
|
2026-04-30 04:05 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
824
|
8.6 |
HIGH
Network
|
vmware
|
spring_ai
|
In Spring AI, various FilterExpressionConverter implementations accept a filter expression object and translate them to specific vector store query languages. In several cases, keys and values are no…
|
CWE-94
Code Injection
|
CVE-2026-40967
|
2026-04-30 04:04 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
825
|
9.3 |
CRITICAL
Network
|
microsoft
|
365_copilot
|
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
|
CWE-601
Open Redirect
|
CVE-2026-33102
|
2026-04-30 04:04 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
826
|
6.5 |
MEDIUM
Network
|
technitium
|
dnsserver
|
Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation.
|
CWE-684
Incorrect Provision of Specified Functionality
|
CVE-2026-42255
|
2026-04-30 03:54 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
827
|
8.8 |
HIGH
Network
|
tenda
|
f456_firmware
|
A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads …
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7019
|
2026-04-30 03:44 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
828
|
8.8 |
HIGH
Network
|
tenda
|
f456_firmware
|
A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7031
|
2026-04-30 03:29 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
829
|
8.8 |
HIGH
Network
|
tenda
|
f456_firmware
|
A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack ca…
|
CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error')
Classic Buffer Overflow
|
CVE-2026-7032
|
2026-04-30 03:26 |
2026-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
830
|
5.9 |
MEDIUM
Network
|
vmware
|
spring_ai
|
In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conv…
|
CWE-284
Improper Access Control
|
CVE-2026-40966
|
2026-04-30 03:18 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
