|
1731
|
9.0 |
CRITICAL
Network
|
-
|
-
|
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.4.0 to before version 4.14.4, a path traversal vulnerability in Wazuh's cluster synchroniz…
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-30893
|
2026-05-1 00:11 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1732
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerability in MeWare Software Development Inc. PDKS allows Excavation.…
|
CWE-200
CWE-359
Information Exposure
Exposure of Private Personal Information to an Unauthorized Actor
|
CVE-2026-7382
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1733
|
8.1 |
HIGH
Network
|
-
|
-
|
Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse.
This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7399
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1734
|
8.1 |
HIGH
Network
|
-
|
-
|
Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding.
This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117.
|
CWE-799
Improper Control of Interaction Frequency
|
CVE-2026-7402
|
2026-05-1 00:09 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1735
|
7.5 |
HIGH
Network
|
frappe
|
press
|
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS).`press.api.account.create_api_secret` is prone to CSRF-like expl…
|
CWE-352
Origin Validation Error
|
CVE-2026-41317
|
2026-04-30 23:53 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1736
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in comm…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7469
|
2026-04-30 23:53 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1737
|
8.8 |
HIGH
Network
|
-
|
-
|
A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based…
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-7470
|
2026-04-30 23:53 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1738
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation can lead to sql inject…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7409
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1739
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-7410
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1740
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function build_project/run_tests of the file src/index.ts of the component MCP Interface. The manipulation of th…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7416
|
2026-04-30 23:52 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
