|
1581
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in Open5GS up to 2.7.7. Affected by this issue is the function discover_handler in the library /lib/sbi/nghttp2-server.c of the component NRF. The manipulation res…
|
CWE-119
CWE-416
Incorrect Access of Indexable Resource ('Range Error')
Use After Free
|
CVE-2026-8746
|
2026-05-19 02:48 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1582
|
6.8 |
MEDIUM
Network
|
-
|
-
|
Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leadi…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-41119
|
2026-05-19 02:45 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1583
|
8.1 |
HIGH
Network
|
-
|
-
|
Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers…
|
CWE-94
Code Injection
|
CVE-2026-35194
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1584
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3.
|
CWE-20
CWE-22
Improper Input Validation
Path Traversal
|
CVE-2026-20685
|
2026-05-19 02:44 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1585
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset.
|
CWE-284
Improper Access Control
|
CVE-2025-67437
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1586
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled sc…
|
CWE-94
Code Injection
|
CVE-2026-39052
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1587
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils…
|
CWE-611
XXE
|
CVE-2026-39053
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1588
|
7.3 |
HIGH
Network
|
-
|
-
|
Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the proce…
|
CWE-77
Command Injection
|
CVE-2026-39054
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1589
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The Essential Chat Support plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly verifying that a user is auth…
|
CWE-862
Missing Authorization
|
CVE-2026-8681
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1590
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The Multicollab: Content Team Collaboration and Editorial Workflow plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf_add_comment' fu…
|
CWE-862
Missing Authorization
|
CVE-2025-4202
|
2026-05-19 02:44 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
