|
231
|
7.5 |
HIGH
Network
|
-
|
-
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handle…
New
|
CWE-362
Race Condition
|
CVE-2026-42594
|
2026-05-15 01:28 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
232
|
8.6 |
HIGH
Network
|
-
|
-
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint (/forms/chromium/convert/url) has no default protection against HTTP/HTTPS-based S…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42595
|
2026-05-15 01:28 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
233
|
- |
|
-
|
-
|
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate (e.g. self-sig…
New
|
CWE-295
Improper Certificate Validation
|
CVE-2026-41132
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
234
|
6.1 |
MEDIUM
Network
|
-
|
-
|
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, Access to the views via tokens or unauthenticated requests marked the endpoin…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-41255
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
235
|
- |
|
-
|
-
|
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to inject SQL in or…
New
|
CWE-89
SQL Injection
|
CVE-2026-42031
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
236
|
- |
|
-
|
-
|
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastore_search_sql allowed attackers to bypass authoriza…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-42032
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
237
|
7.5 |
HIGH
Network
|
-
|
-
|
Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after bei…
New
|
CWE-772
Missing Release of Resource after Effective Lifetime
|
CVE-2026-42577
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
238
|
- |
|
-
|
-
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explici…
New
|
CWE-113
HTTP Response Splitting
|
CVE-2026-42578
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
239
|
7.5 |
HIGH
Network
|
-
|
-
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encodi…
New
|
CWE-20
CWE-400
CWE-626
Improper Input Validation
Uncontrolled Resource Consumption
Null Byte Interaction Error (Poison Null Byte)
|
CVE-2026-42579
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
240
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int, enabling request smuggling attacks. Th…
New
|
CWE-190
CWE-444
Integer Overflow or Wraparound
HTTP Request Smuggling
|
CVE-2026-42580
|
2026-05-15 01:26 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
