Total
347752 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-7019 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads to buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-2646 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | N/A | 8.1 HIGH |
| A heap-buffer-overflow vulnerability exists in wolfSSL's wolfSSL_d2i_SSL_SESSION() function. When deserializing session data with SESSION_CERTS enabled, certificate and session id lengths are read from an untrusted input without bounds validation, allowing an attacker to overflow fixed-size buffers and corrupt heap memory. A maliciously crafted session would need to be loaded from an external source to trigger this vulnerability. Internal sessions were not vulnerable. | |||||
| CVE-2026-3548 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | N/A | 9.8 CRITICAL |
| Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out of bound writes could be triggered. Note this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source. | |||||
| CVE-2026-7031 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2026-7032 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2026-40966 | 1 Vmware | 1 Spring Ai | 2026-04-29 | N/A | 5.9 MEDIUM |
| In Spring AI, an attacker can bypass conversation isolation and exfiltrate sensitive memory from other users’ chat histories, including secrets and credentials, by injecting filter logic through conversationId. Only applications that use VectorStoreChatMemoryAdvisor and pass user-supplied input as a conversationId are affected. | |||||
| CVE-2026-40978 | 1 Vmware | 1 Spring Ai | 2026-04-29 | N/A | 8.8 HIGH |
| SQL injection vulnerability in Spring AI's `CosmosDBVectorStore` allows attackers to execute arbitrary SQL queries via crafted document IDs. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5) | |||||
| CVE-2026-40979 | 1 Vmware | 1 Spring Ai | 2026-04-29 | N/A | 6.1 MEDIUM |
| In Spring AI, having access to a shared environment can expose the ONNX model used by the application. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5) | |||||
| CVE-2026-5367 | 2026-04-29 | N/A | 8.6 HIGH | ||
| A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port. | |||||
| CVE-2026-40980 | 1 Vmware | 1 Spring Ai | 2026-04-29 | N/A | 6.5 MEDIUM |
| In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by `ForkPDFLayoutTextStripper`. Affected versions: Spring AI: 1.0.0 - 1.0.5 (fixed in 1.0.6), 1.1.0 - 1.1.4 (fixed in 1.1.5) | |||||
| CVE-2026-31614 | 1 Linux | 1 Linux Kernel | 2026-04-29 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in check_wsl_eas() The bounds check uses (u8 *)ea + nlen + 1 + vlen as the end of the EA name and value, but ea_data sits at offset sizeof(struct smb2_file_full_ea_info) = 8 from ea, not at offset 0. The strncmp() later reads ea->ea_data[0..nlen-1] and the value bytes follow at ea_data[nlen+1..nlen+vlen], so the actual end is ea->ea_data + nlen + 1 + vlen. Isn't pointer math fun? The earlier check (u8 *)ea > end - sizeof(*ea) only guarantees the 8-byte header is in bounds, but since the last EA is placed within 8 bytes of the end of the response, the name and value bytes are read past the end of iov. Fix this mess all up by using ea->ea_data as the base for the bounds check. An "untrusted" server can use this to leak up to 8 bytes of kernel heap into the EA name comparison and influence which WSL xattr the data is interpreted as. | |||||
| CVE-2026-31847 | 1 Nexxtsolutions | 2 Nebula300plus, Nebula300plus Firmware | 2026-04-29 | N/A | 8.8 HIGH |
| Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system. | |||||
| CVE-2026-31848 | 1 Nexxtsolutions | 2 Nebula300plus, Nebula300plus Firmware | 2026-04-29 | N/A | 9.8 CRITICAL |
| Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid cookie value without proper authentication. This allows unauthorized administrative access to protected endpoints. | |||||
| CVE-2026-31849 | 1 Nexxtsolutions | 2 Nebula300plus, Nebula300plus Firmware | 2026-04-29 | N/A | 6.5 MEDIUM |
| Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator’s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings. | |||||
| CVE-2026-7101 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-7102 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-31850 | 1 Nexxtsolutions | 2 Nebula300plus, Nebula300plus Firmware | 2026-04-29 | N/A | 4.9 MEDIUM |
| Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other weaknesses and do not apply encryption or hashing, allowing attackers to directly extract sensitive information. | |||||
| CVE-2026-31851 | 1 Nexxtsolutions | 2 Nebula300plus, Nebula300plus Firmware | 2026-04-29 | N/A | 9.8 CRITICAL |
| Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attacks to guess administrative credentials without restriction. | |||||
| CVE-2026-5937 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2026-04-29 | N/A | 5.5 MEDIUM |
| Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate. | |||||
| CVE-2026-5938 | 1 Foxit | 2 Pdf Editor, Pdf Reader | 2026-04-29 | N/A | 5.5 MEDIUM |
| Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service. | |||||