| 811 | 5.1 | MEDIUM Local | - | - | uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. | New | CWE-197 Numeric Truncation Error | CVE-2026-42371 | 2026-04-28 03:57 | 2026-04-27 |
| 812 | - | | - | - | OPPO Wallet APP contains a trusted domain validation flaw that allows attackers to bypass protected interface access restrictions, which may lead to account token hijacking and sensitive information … | New | CWE-346 Origin Validation Error | CVE-2026-22077 | 2026-04-28 03:57 | 2026-04-27 |
| 813 | - | | - | - | An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management inter… | New | CWE-130 Improper Handling of Length Parameter Inconsistency | CVE-2026-3868 | 2026-04-28 03:57 | 2026-04-27 |
| 814 | 8.8 | HIGH Network | - | - | A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_l… | New | CWE-77 CWE-78 Command Injection OS Command | CVE-2026-7096 | 2026-04-28 03:57 | 2026-04-27 |
| 815 | 8.8 | HIGH Network | - | - | A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of th… | New | CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow | CVE-2026-7097 | 2026-04-28 03:57 | 2026-04-27 |
| 816 | 9.8 | CRITICAL Network | - | - | Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowin… | New | CWE-502 Deserialization of Untrusted Data | CVE-2026-41635 | 2026-04-28 03:57 | 2026-04-27 |
| 817 | 9.8 | CRITICAL Network | - | - | The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in… | New | CWE-502 Deserialization of Untrusted Data | CVE-2026-41409 | 2026-04-28 03:57 | 2026-04-27 |
| 818 | 8.8 | HIGH Network | - | - | A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injec… | New | CWE-77 CWE-78 Command Injection OS Command | CVE-2026-7119 | 2026-04-28 03:57 | 2026-04-27 |
| 819 | - | | - | - | Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application | New | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2025-15626 | 2026-04-28 03:57 | 2026-04-27 |
| 820 | - | | - | - | Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in li… | New | CWE-770 Allocation of Resources Without Limits or Throttling | CVE-2026-32688 | 2026-04-28 03:57 | 2026-04-27 |