|
1271
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os comma…
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-8272
|
2026-05-12 00:05 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1272
|
7.5 |
HIGH
Network
|
kazeburo
|
gazelle
|
Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence.
Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both head…
Update
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-40562
|
2026-05-12 00:04 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1273
|
8.8 |
HIGH
Network
|
cern
|
rucio
|
### Summary
A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticate…
Update
|
CWE-89
SQL Injection
|
CVE-2026-29090
|
2026-05-12 00:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1274
|
8.8 |
HIGH
Network
|
openmrs
|
openmrs
|
OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST `/openmrs/ws/rest/v1/modul…
Update
|
CWE-22
Path Traversal
|
CVE-2026-40076
|
2026-05-11 23:55 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1275
|
4.3 |
MEDIUM
Network
|
weblate
|
weblate
|
Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has…
Update
|
CWE-80
Basic XSS
|
CVE-2026-44264
|
2026-05-11 23:50 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1276
|
9.1 |
CRITICAL
Network
|
thecodingmachine
|
gotenberg
|
Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsani…
Update
|
CWE-88
Argument Injection
|
CVE-2026-40281
|
2026-05-11 23:46 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1277
|
5.5 |
MEDIUM
Local
|
hp
|
samsung_print_service_plugin
|
Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate …
Update
|
CWE-926
NVD-CWE-noinfo
Improper Export of Android Application Components
|
CVE-2026-3291
|
2026-05-11 23:43 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1278
|
5.4 |
MEDIUM
Network
|
phpoffice
|
phpspreadsheet
|
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a c…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-40296
|
2026-05-11 23:42 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1279
|
5.3 |
MEDIUM
Network
|
opentelemetry
|
opentelemetry.exporter.zipkin
|
OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span a…
Update
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41310
|
2026-05-11 23:40 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1280
|
5.3 |
MEDIUM
Network
|
netty
|
netty
|
Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`. The constructors reject CRLF …
Update
|
CWE-93
CWE-444
CRLF Injection
HTTP Request Smuggling
|
CVE-2026-41417
|
2026-05-11 23:29 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
