|
1761
|
5.4 |
MEDIUM
Network
|
-
|
-
|
WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/userSavePhoto.php is a legacy profile-photo endpoint that accepts a base64 POST parameter and writes the de…
|
CWE-352
Origin Validation Error
|
CVE-2026-43877
|
2026-05-13 03:17 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1762
|
7.3 |
HIGH
Network
|
-
|
-
|
CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability (CWE-502) in its make_parquet_list.py data processing tool. The script l…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-31249
|
2026-05-13 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1763
|
7.5 |
HIGH
Network
|
-
|
-
|
docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url.
|
CWE-22
Path Traversal
|
CVE-2025-65418
|
2026-05-13 03:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1764
|
5.5 |
MEDIUM
Local
|
python
|
pillow
|
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polyg…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-42309
|
2026-05-13 02:57 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1765
|
5.5 |
MEDIUM
Local
|
python
|
pillow
|
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42308
|
2026-05-13 02:57 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1766
|
5.5 |
MEDIUM
Local
|
python
|
pillow
|
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-42310
|
2026-05-13 02:55 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1767
|
4.7 |
MEDIUM
Local
|
apple
|
ipados
iphone_os
macos
visionos
|
A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, …
|
CWE-362
Race Condition
|
CVE-2026-43659
|
2026-05-13 02:51 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1768
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
watchos
|
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing a maliciously crafted image…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-43661
|
2026-05-13 02:51 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1769
|
7.5 |
HIGH
Network
|
open5gs
|
open5gs
|
A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such mani…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8222
|
2026-05-13 02:49 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1770
|
7.5 |
HIGH
Network
|
open5gs
|
open5gs
|
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of …
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8224
|
2026-05-13 02:48 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
