Common Vulnerabilities and Exposures (CVE)

CVE-2026-5367

Apr 29, 2026 17:46:56 UTC

A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the...

CVE-2026-26204

Apr 29, 2026 17:43:44 UTC

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 b...

CVE-2026-7393

Apr 29, 2026 17:39:13 UTC

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performing a manipulation of the argument img resu...

CVE-2026-26015

Apr 29, 2026 17:37:25 UTC

DocsGPT is a GPT-powered chat for documentation. From version 0.15.0 to before version 0.16.0, an attacker accessing either the official DocsGPT website or any local and public deployment can craft a malicious payload bypassing the "MCP test...

CVE-2026-7396

Apr 29, 2026 17:30:15 UTC

A vulnerability was identified in NousResearch hermes-agent 0.8.0. Affected by this issue is some unknown functionality of the file gateway/platforms/wecom.py of the component WeChat Work Platform Adapter. The manipulation leads to path tra...

CVE-2026-5712

Apr 29, 2026 17:18:27 UTC

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...

CVE-2026-7394

Apr 29, 2026 17:15:11 UTC

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/view_order.php of the component GET Parameter Handler. Executing a manipulation of ...

CVE-2026-7390

Apr 29, 2026 17:11:49 UTC

A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. The impacted element is the function Customer of the file /index.php?page=customer. The manipulation of the argument Name results in cross site scriptin...

CVE-2026-32688

Apr 29, 2026 17:08:07 UTC

Allocation of Resources Without Limits or Throttling vulnerability in elixir-plug plug_cowboy allows unauthenticated remote denial of service via atom table exhaustion. Plug.Cowboy.Conn.conn/1 in lib/plug/cowboy/conn.ex calls String.to_ato...

CVE-2026-0206

Apr 29, 2026 17:00:31 UTC

A post-authentication Stack-based Buffer Overflow vulnerability in SonicOS allows a remote attacker to crash a firewall.

CVE-2026-0205

Apr 29, 2026 16:59:41 UTC

A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services.

CVE-2026-0204

Apr 29, 2026 16:54:00 UTC

A vulnerability in the access control mechanism of SonicOS may allow certain management interface functions to be accessible under specific conditions.

CVE-2026-6915

Apr 29, 2026 16:51:01 UTC

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the im...

CVE-2026-6914

Apr 29, 2026 16:47:02 UTC

Computing the MD5 checksum of a malformed BSON object under specific conditions may cause loss of availability in MongoDB server. This issue affects all MongoDB Server v8.2 versions, all MongoDB Server v8.1 versions, MongoDB Server v8.0 ver...

CVE-2026-7392

Apr 29, 2026 16:45:09 UTC

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function delete_supplier of the file /ajax.php?action=delete_supplier. Such manipulation of the argument ID leads to SQL injection. T...