|
51
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discovery_option_parse_plmn_list in the library /lib/sbi/conv.c of the component NRF. S…
New
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8728
|
2026-05-17 13:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
52
|
8.8 |
HIGH
Network
|
-
|
-
|
The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in t…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-8719
|
2026-05-17 13:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
53
|
7.3 |
HIGH
Network
|
-
|
-
|
A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation cau…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-8725
|
2026-05-17 11:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
54
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils.transFilter of the file SqlparserUtils.java of the component Data Dashboard. The manipulation results …
New
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-8724
|
2026-05-17 11:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
55
|
5.3 |
MEDIUM
Network
|
-
|
-
|
### Summary
`qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not ha…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8723
|
2026-05-17 09:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
56
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
New
|
-
|
CVE-2026-6050
|
2026-05-17 08:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
57
|
8.2 |
HIGH
Local
|
-
|
-
|
Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.
New
|
CWE-346
Origin Validation Error
|
CVE-2026-46728
|
2026-05-17 07:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
58
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Quick.CMS 6.7 contains a cross-site scripting vulnerability in the sliders form that allows authenticated attackers to inject malicious scripts by submitting XSS payloads through the sDescription par…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47981
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
59
|
7.1 |
HIGH
Network
|
-
|
-
|
Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'col' parameter in the Activity Log i…
New
|
CWE-89
SQL Injection
|
CVE-2021-47980
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
60
|
8.8 |
HIGH
Network
|
-
|
-
|
WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to delete files by manipulating parameters in AJAX requests. Attackers …
New
|
CWE-22
Path Traversal
|
CVE-2021-47979
|
2026-05-17 01:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
