Total: 347679 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2026-7102 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM | A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. |
| CVE-2026-31850 | 1 Nexxtsolutions | 2 Nebula300plus, Nebula300plus Firmware | 2026-04-29 | N/A | 4.9 MEDIUM | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other weaknesses and do not apply encryption or hashing, allowing attackers to directly extract sensitive information. |
| CVE-2026-31851 | 1 Nexxtsolutions | 2 Nebula300plus, Nebula300plus Firmware | 2026-04-29 | N/A | 9.8 CRITICAL | Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attacks to guess administrative credentials without restriction. |
| CVE-2026-5937 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2026-04-29 | N/A | 5.5 MEDIUM | Insufficient parameter verification leads to format errors in files, which trigger an unhandled "std::invalid_argument" exception and ultimately cause the program to terminate. |
| CVE-2026-5938 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2026-04-29 | N/A | 5.5 MEDIUM | Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service. |
| CVE-2026-3503 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | N/A | 5.2 MEDIUM | Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion. This issue affects wolfSSL (wolfCrypt): commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6. |
| CVE-2026-5939 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2026-04-29 | N/A | 5.5 MEDIUM | A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in arbitrary code execution. |
| CVE-2026-4159 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | N/A | 3.3 LOW | 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default. |
| CVE-2026-5940 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2026-04-29 | N/A | 7.8 HIGH | Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes. |
| CVE-2026-5446 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | N/A | 7.1 HIGH | In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record, because wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is zero-initialized at session setup and never incremented in non-FIPS builds. This vulnerability affects wolfSSL builds configured with --enable-aria and the proprietary MagicCrypto SDK (a non-default, opt-in configuration required for Korean regulatory deployments). AES-GCM is not affected because wc_AesGcmEncrypt_ex maintains an internal invocation counter independently of the call-site guard. |
| CVE-2026-5941 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2026-04-29 | N/A | 7.8 HIGH | Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction. |
| CVE-2026-5447 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | N/A | 7.5 HIGH | Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension. |
| CVE-2026-5263 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | N/A | 6.5 MEDIUM | URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid. |
| CVE-2026-5942 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2026-04-29 | N/A | 5.5 MEDIUM | Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program. |
| CVE-2026-5264 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | N/A | 9.8 CRITICAL | Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow. |
| CVE-2026-5943 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2026-04-29 | N/A | 7.8 HIGH | Document structural anomalies cause inconsistencies between page element relationships and internal index states. When scripts trigger document modifications, object reference validity is not properly maintained, leading to a crash when an invalid pointer is accessed during page information queries. |
| CVE-2026-0919 | 1 Tp-link | 4 Tapo C220, Tapo C220 Firmware, Tapo C520ws and 1 more | 2026-04-29 | N/A | 7.5 HIGH | The HTTP parser of Tapo C210 v3, C220 v1 and C520WS v2 cameras improperly handles requests containing an excessively long URL path. An invalid-URL error path continues into cleanup code that assumes allocated buffers exist, leading to a crash and service restart. An unauthenticated attacker can force repeated service crashes or device reboots, causing denial of service. |
| CVE-2026-7233 | 1 Artifex | 1 Mupdf | 2026-04-29 | 1.7 LOW | 3.3 LOW | A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes an out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet. |
| CVE-2026-41332 | 1 Openclaw | 1 Openclaw | 2026-04-29 | N/A | 5.3 MEDIUM | OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files to execute untrusted code or load malicious credentials. |
| CVE-2026-4958 | 1 Openbmb | 1 Xagent | 2026-04-29 | 2.1 LOW | 3.1 LOW | A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interaction_id leads to authorization bypass. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
