|
1381
|
- |
|
-
|
-
|
efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName()) with no canonical-path check. An entry …
|
CWE-77
Command Injection
|
CVE-2026-44257
|
2026-05-14 01:10 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1382
|
9.4 |
CRITICAL
Network
|
-
|
-
|
Scramble generates API documentation for Laravel project. From 0.13.2 to before 0.13.22, when documentation endpoints are publicly accessible and validation rules reference user-controlled input, req…
|
CWE-94
Code Injection
|
CVE-2026-44262
|
2026-05-14 01:10 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1383
|
7.5 |
HIGH
Network
|
-
|
-
|
Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.167, a remote, unauthenticated denial of service (DoS) vulnerability affects Deskflow servers running with TLS enabled (the default). Whe…
|
CWE-400
CWE-405
Uncontrolled Resource Consumption
Asymmetric Resource Consumption (Amplification)
|
CVE-2026-44296
|
2026-05-14 01:10 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1384
|
9.0 |
CRITICAL
Network
|
-
|
-
|
Thymeleaf is a server-side Java template engine for web and standalone environments. Prior to 3.1.5.RELEASE, a security bypass vulnerability exists in the expression execution mechanisms of Thymeleaf…
|
CWE-917
CWE-1336
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Improper Neutralization of Special Elements Used in a Template Engine
|
CVE-2026-41901
|
2026-05-14 01:10 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1385
|
- |
|
-
|
-
|
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious …
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-42156
|
2026-05-14 01:10 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1386
|
- |
|
-
|
-
|
Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a map node with a malici…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42157
|
2026-05-14 01:10 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1387
|
10.0 |
CRITICAL
Network
|
-
|
-
|
ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard …
|
CWE-94
Code Injection
|
CVE-2026-42288
|
2026-05-14 01:10 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1388
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A flaw has been found in Open5GS up to 2.7.7. The impacted element is the function update_authorized_pcc_rule_and_qos of the file /src/smf/npcf-handler.c of the component SMF. This manipulation cause…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8249
|
2026-05-14 01:10 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1389
|
8.8 |
HIGH
Network
|
wavlink
|
wl-nu516u1_firmware
|
A security vulnerability has been detected in Wavlink NU516U1 240425. Impacted is the function advance of the file /cgi-bin/wireless.cgi. Such manipulation of the argument wlan_conf/Channel/skiplist/…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-8228
|
2026-05-14 01:10 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1390
|
8.8 |
HIGH
Network
|
wavlink
|
wl-nu516u1_firmware
|
A weakness has been identified in Wavlink NU516U1 240425. This issue affects the function wzdapMesh of the file /cgi-bin/adm.cgi. This manipulation causes os command injection. The attack may be init…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-8227
|
2026-05-14 01:10 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
