|
1351
|
7.5 |
HIGH
Network
|
open5gs
|
open5gs
|
A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such mani…
Update
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8222
|
2026-05-13 02:49 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1352
|
7.5 |
HIGH
Network
|
open5gs
|
open5gs
|
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of …
Update
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8224
|
2026-05-13 02:48 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1353
|
9.8 |
CRITICAL
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by…
Update
|
CWE-89
SQL Injection
|
CVE-2025-14179
|
2026-05-13 02:48 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1354
|
9.8 |
CRITICAL
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global m…
Update
|
CWE-416
Use After Free
|
CVE-2026-6722
|
2026-05-13 02:48 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1355
|
6.1 |
MEDIUM
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause t…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-6735
|
2026-05-13 02:43 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1356
|
7.5 |
HIGH
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-7258
|
2026-05-13 02:41 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1357
|
6.5 |
MEDIUM
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, re…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-7259
|
2026-05-13 02:40 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1358
|
9.8 |
CRITICAL
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted acr…
Update
|
CWE-416
Use After Free
|
CVE-2026-7261
|
2026-05-13 02:40 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1359
|
7.5 |
HIGH
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which check…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-7262
|
2026-05-13 02:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1360
|
7.5 |
HIGH
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the cur…
Update
|
CWE-125
CWE-190
Out-of-bounds Read
Integer Overflow or Wraparound
|
CVE-2026-7568
|
2026-05-13 02:38 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
