|
1831
|
6.5 |
MEDIUM
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, re…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-7259
|
2026-05-13 02:40 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1832
|
9.8 |
CRITICAL
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted acr…
|
CWE-416
Use After Free
|
CVE-2026-7261
|
2026-05-13 02:40 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1833
|
7.5 |
HIGH
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which check…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-7262
|
2026-05-13 02:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1834
|
7.5 |
HIGH
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the cur…
|
CWE-125
CWE-190
Out-of-bounds Read
Integer Overflow or Wraparound
|
CVE-2026-7568
|
2026-05-13 02:38 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1835
|
7.5 |
HIGH
Network
|
open5gs
|
open5gs
|
A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation …
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8225
|
2026-05-13 02:38 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1836
|
7.5 |
HIGH
Network
|
open5gs
|
open5gs
|
A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_pcc_rule_install_flow_from_media in the library /lib/proto/types.c. The manipulation results in…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8226
|
2026-05-13 02:38 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1837
|
8.8 |
HIGH
Network
|
wavlink
|
wl-nu516u1_firmware
|
A vulnerability was detected in Wavlink NU516U1 240425. The affected element is the function WifiBasic of the file /cgi-bin/wireless.cgi. Performing a manipulation of the argument AuthMethod/EncrypTy…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-8229
|
2026-05-13 02:37 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1838
|
8.8 |
HIGH
Network
|
wavlink
|
wl-nu516u1_firmware
|
A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function sys_login1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-8230
|
2026-05-13 02:37 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1839
|
9.1 |
CRITICAL
Network
|
php
|
php
|
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding() or related mbstring functions, the code incorrectl…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-6104
|
2026-05-13 02:35 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1840
|
7.5 |
HIGH
Network
|
php
|
php
|
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML docu…
|
CWE-404
CWE-835
Improper Resource Shutdown or Release
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-7263
|
2026-05-13 02:35 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
