|
661
|
5.5 |
MEDIUM
Local
|
microsoft
|
teams
|
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
Update
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-32185
|
2026-05-18 22:33 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
662
|
4.3 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
Update
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-40416
|
2026-05-18 22:26 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
663
|
7.5 |
HIGH
Network
|
-
|
-
|
A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS pa…
New
|
CWE-475
Undefined Behavior for Input to API
|
CVE-2026-42009
|
2026-05-18 22:16 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
664
|
9.8 |
CRITICAL
Network
|
netty
|
netty
|
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both…
Update
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-42581
|
2026-05-18 22:14 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
665
|
9.8 |
CRITICAL
Network
|
espressif
|
arduino-esp32
|
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a …
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-42854
|
2026-05-18 22:09 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
666
|
8.8 |
HIGH
Network
|
mongodb
|
mongodb
|
An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issu…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8053
|
2026-05-18 22:06 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
667
|
7.5 |
HIGH
Network
|
thecodingmachine
|
gotenberg
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handle…
Update
|
CWE-362
Race Condition
|
CVE-2026-42594
|
2026-05-18 22:02 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
668
|
8.2 |
HIGH
Network
|
thecodingmachine
|
gotenberg
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames t…
Update
|
CWE-73
CWE-184
External Control of File Name or Path
Incomplete Blacklist
|
CVE-2026-40893
|
2026-05-18 22:02 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
669
|
8.2 |
HIGH
Network
|
thecodingmachine
|
gotenberg
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/libreoffice/convert) passes uploaded documents directly to LibreOffice without …
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42591
|
2026-05-18 22:02 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
670
|
5.9 |
MEDIUM
Network
|
thecodingmachine
|
gotenberg
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers…
Update
|
CWE-73
CWE-918
External Control of File Name or Path
Server-Side Request Forgery (SSRF)
|
CVE-2026-42597
|
2026-05-18 22:02 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
