| 851 | - | | - | - | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.12.0, an improper restriction of XML external entity (XXE) reference vulnerability in the EDI Module enab… | New | CWE-611 XXE | CVE-2026-44445 | 2026-05-15 01:29 | 2026-05-14 |
| 852 | 8.8 | HIGH Network | - | - | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.104.3 and 16.14.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would all… | New | CWE-89 SQL Injection | CVE-2026-44446 | 2026-05-15 01:29 | 2026-05-14 |
| 853 | 8.8 | HIGH Network | - | - | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 16.9.0, some endpoints were vulnerable to SQL injection through specially crafted requests, which would allow a malicious… | New | CWE-89 SQL Injection | CVE-2026-44447 | 2026-05-15 01:29 | 2026-05-14 |
| 854 | 9.8 | CRITICAL Network | - | - | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to E… | New | CWE-78 OS Command | CVE-2026-42589 | 2026-05-15 01:28 | 2026-05-15 |
| 855 | 5.3 | MEDIUM Network | - | - | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only th… | New | CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition; CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-42592 | 2026-05-15 01:28 | 2026-05-15 |
| 856 | 5.3 | MEDIUM Network | - | - | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/… | New | CWE-22 Path Traversal; CWE-73 External Control of File Name or Path | CVE-2026-42593 | 2026-05-15 01:28 | 2026-05-15 |
| 857 | 8.6 | HIGH Network | - | - | Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint (/forms/chromium/convert/url) has no default protection against HTTP/HTTPS-based S… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-42595 | 2026-05-15 01:28 | 2026-05-15 |
| 858 | 7.5 | HIGH Network | - | - | Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final, Netty's epoll transport fails to detect and close TCP connections that receive a RST after bei… | New | CWE-772 Missing Release of Resource after Effective Lifetime | CVE-2026-42577 | 2026-05-15 01:26 | 2026-05-14 |
| 859 | - | | - | - | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explici… | New | CWE-113 HTTP Response Splitting | CVE-2026-42578 | 2026-05-15 01:26 | 2026-05-14 |
| 860 | 7.5 | HIGH Network | - | - | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's DNS codec does not enforce RFC 1035 domain name constraints during either encodi… | New | CWE-20 Improper Input Validation; CWE-400 Uncontrolled Resource Consumption; CWE-626 Null Byte Interaction Error (Poison Null Byte) | CVE-2026-42579 | 2026-05-15 01:26 | 2026-05-14 |