CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-7419 - UTT HiPER 1250GW formTaskEdit_ap strcpy buffer overflow

CVE ID: CVE-2026-7419
Published: April 29, 2026, 11:16 p.m. | 2 hours, 26 minutes ago
Description: A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-7420 - UTT HiPER 1250GW ConfigAdvideo strcpy buffer overflow

CVE ID: CVE-2026-7420
Published: April 29, 2026, 11:16 p.m. | 2 hours, 26 minutes ago
Description: A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile results in buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Severity: 9.0 | HIGH
CVE-2026-7443 - BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os command injection

CVE ID: CVE-2026-7443
Published: April 29, 2026, 11:16 p.m. | 2 hours, 26 minutes ago
Description: A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzz_domain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 7.5 | HIGH
CVE-2026-7445 - ZachHandley ZMCPTools MCP Log Resource ResourceManager.ts path traversal

CVE ID: CVE-2026-7445
Published: April 30, 2026, 12:16 a.m. | 1 hour, 26 minutes ago
Description: A security vulnerability has been detected in ZachHandley ZMCPTools up to 0.2.2. Affected by this issue is some unknown functionality of the file src/managers/ResourceManager.ts of the component MCP Log Resource Handler. The manipulation of the argument dirname leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 6.5 | MEDIUM
CVE-2026-7446 - VetCoders mcp-server-semgrep MCP index.ts create_rule os command injection

CVE ID: CVE-2026-7446
Published: April 30, 2026, 12:16 a.m. | 1 hour, 26 minutes ago
Description: A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyze_results/filter_results/export_results/compare_results/scan_directory/create_rule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command injection. The attack can be executed remotely. The exploit is now public and may be used. Upgrading to version 1.0.1 is able to mitigate this issue. The patch is identified as 141335da044e53c3f5b315e0386e01238405b771. It is advisable to upgrade the affected component.
Severity: 7.5 | HIGH
CVE-2026-7447 - SourceCodester Pet Grooming Management Software update_customer.php sql injection

CVE ID: CVE-2026-7447
Published: April 30, 2026, 1:16 a.m. | 26 minutes ago
Description: A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Severity: 6.5 | MEDIUM
CVE-2026-7468 - 1024-lab smart-admin Demo Site index.html access control

CVE ID: CVE-2026-7468
Published: April 30, 2026, 1:16 a.m. | 26 minutes ago
Description: A security vulnerability has been detected in 1024-lab smart-admin up to 3.30.0. This affects an unknown function of the file /smart-admin-api/druid/index.html of the component Demo Site. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Severity: 7.5 | HIGH
CVE-2026-7469 - Tenda 4G300 DelFil sub_425A28 command injection

CVE ID: CVE-2026-7469
Published: April 30, 2026, 2:16 a.m. | 1 hour, 28 minutes ago
Description: A vulnerability was detected in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. This impacts the function sub_425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 6.5 | MEDIUM
CVE-2026-7470 - Tenda 4G300 SafeMacFilter sub_427C3C stack-based overflow

CVE ID: CVE-2026-7470
Published: April 30, 2026, 3:16 a.m. | 28 minutes ago
Description: A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 9.0 | HIGH
CVE-2026-5655 - Use After Free in Wireshark

CVE ID: CVE-2026-5655
Published: April 30, 2026, 7:16 a.m. | 28 minutes ago
Description: SDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 allows denial of service
Severity: 5.5 | MEDIUM
CVE-2026-5657 - Double Free in Wireshark

CVE ID: CVE-2026-5657
Published: April 30, 2026, 7:16 a.m. | 28 minutes ago
Description: iLBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Severity: 5.5 | MEDIUM
CVE-2026-6519 - Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

CVE ID: CVE-2026-6519
Published: April 30, 2026, 7:16 a.m. | 28 minutes ago
Description: MBIM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Severity: 5.5 | MEDIUM
CVE-2026-6520 - Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

CVE ID: CVE-2026-6520
Published: April 30, 2026, 7:16 a.m. | 28 minutes ago
Description: OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Severity: 5.5 | MEDIUM
CVE-2026-6521 - Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

CVE ID: CVE-2026-6521
Published: April 30, 2026, 7:16 a.m. | 28 minutes ago
Description: OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allow denial of service
Severity: 5.5 | MEDIUM
CVE-2026-6522 - Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

CVE ID: CVE-2026-6522
Published: April 30, 2026, 7:16 a.m. | 28 minutes ago
Description: RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Severity: 5.5 | MEDIUM
CVE-2026-6523 - Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

CVE ID: CVE-2026-6523
Published: April 30, 2026, 7:16 a.m. | 28 minutes ago
Description: GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Severity: 5.5 | MEDIUM
CVE-2026-6524 - Access of Uninitialized Pointer in Wireshark

CVE ID: CVE-2026-6524
Published: April 30, 2026, 7:16 a.m. | 28 minutes ago
Description: MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Severity: 5.5 | MEDIUM
CVE-2026-6526 - NULL Pointer Dereference in Wireshark

CVE ID: CVE-2026-6526
Published: April 30, 2026, 7:16 a.m. | 28 minutes ago
Description: RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4
Severity: 5.5 | MEDIUM
CVE-2026-6527 - Uncontrolled Recursion in Wireshark

CVE ID: CVE-2026-6527
Published: April 30, 2026, 7:16 a.m. | 28 minutes ago
Description: ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Severity: 5.5 | MEDIUM
CVE-2026-6528 - Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark

CVE ID: CVE-2026-6528
Published: April 30, 2026, 7:16 a.m. | 28 minutes ago
Description: TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service
Severity: 5.5 | MEDIUM
CVE-2026-6529 - Heap-based Buffer Overflow in Wireshark

CVE ID: CVE-2026-6529
Published: April 30, 2026, 7:16 a.m. | 28 minutes ago
Description: iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service
Severity: 5.5 | MEDIUM