|
2541
|
8.2 |
HIGH
Network
|
thecodingmachine
|
gotenberg
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary…
|
CWE-184
Incomplete Blacklist
|
CVE-2026-42590
|
2026-05-18 21:15 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2542
|
9.1 |
CRITICAL
Network
|
netty
|
netty
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with an outbound request by queue.poll() onc…
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-42584
|
2026-05-18 21:15 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2543
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in opensourcepos Open Source Point of Sale up to 3.4.2. This issue affects the function getPicThumb of the file app/Controllers/Items.php. The manipulation of the argumen…
|
CWE-22
Path Traversal
|
CVE-2026-8802
|
2026-05-18 20:16 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2544
|
- |
|
-
|
-
|
Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-4320
|
2026-05-18 20:16 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2545
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in projectworlds hospital-management-system-in-php 1.0. Affected by this vulnerability is the function getAllPatientDetail of the file update_info.php of the component GET Param…
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-8785
|
2026-05-18 13:16 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2546
|
4.2 |
MEDIUM
Local
|
-
|
-
|
A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack r…
|
CWE-59
CWE-61
Link Following
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-8784
|
2026-05-18 13:16 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2547
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in omec-project amf up to 2.1.3-dev. This impacts the function UERadioCapabilityCheckResponse of the file ngap/dispatcher.go. Such manipulation leads to nul…
|
CWE-404
CWE-476
Improper Resource Shutdown or Release
NULL Pointer Dereference
|
CVE-2026-8783
|
2026-05-18 13:16 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2548
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null p…
|
CWE-404
CWE-476
Improper Resource Shutdown or Release
NULL Pointer Dereference
|
CVE-2026-8782
|
2026-05-18 11:16 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2549
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in omec-project amf up to 2.1.3-dev. The impacted element is the function RANConfiguration of the file ngap/handler.go. The manipulation results in null pointer de…
|
CWE-404
CWE-476
Improper Resource Shutdown or Release
NULL Pointer Dereference
|
CVE-2026-8781
|
2026-05-18 11:16 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2550
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-8780
|
2026-05-18 11:16 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
