| 61 | 9.8 | CRITICAL | Network | - | - | SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the intern… | New | CWE-502 Deserialization of Untrusted Data | CVE-2026-7301 | 2026-05-19 02:44 | 2026-05-18 |
| 62 | 9.1 | CRITICAL | Network | - | - | SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by … | New | CWE-35 Path Traversal: '.../...//' | CVE-2026-7302 | 2026-05-19 02:44 | 2026-05-18 |
| 63 | 9.8 | CRITICAL | Network | - | - | SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will… | New | CWE-502 Deserialization of Untrusted Data | CVE-2026-7304 | 2026-05-19 02:44 | 2026-05-18 |
| 64 | 8.1 | HIGH | Network | - | - | Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers… | New | CWE-94 Code Injection | CVE-2026-35194 | 2026-05-19 02:44 | 2026-05-16 |
| 65 | 7.5 | HIGH | Network | - | - | Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users s… | New | CWE-125 Out-of-bounds Read | CVE-2026-8686 | 2026-05-19 02:44 | 2026-05-16 |
| 66 | 6.5 | MEDIUM | Adjacent | - | - | An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3. | New | CWE-20 Improper Input Validation, CWE-22 Path Traversal | CVE-2026-20685 | 2026-05-19 02:44 | 2026-05-19 |
| 67 | 6.5 | MEDIUM | Network | - | - | Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset. | New | CWE-284 Improper Access Control | CVE-2025-67437 | 2026-05-19 02:44 | 2026-05-16 |
| 68 | 6.5 | MEDIUM | Network | - | - | Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled sc… | New | CWE-94 Code Injection | CVE-2026-39052 | 2026-05-19 02:44 | 2026-05-16 |
| 69 | 6.5 | MEDIUM | Network | - | - | Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils… | New | CWE-611 XXE | CVE-2026-39053 | 2026-05-19 02:44 | 2026-05-16 |
| 70 | 7.3 | HIGH | Network | - | - | Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the proce… | New | CWE-77 Command Injection | CVE-2026-39054 | 2026-05-19 02:44 | 2026-05-16 |