|
4001
|
7.3 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file JwtAuthenticationTokenFilter.java of the component Ruoyi-Vue-Pro. Perform…
|
CWE-287
Improper Authentication
|
CVE-2026-7710
|
2026-05-6 04:11 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4002
|
6.5 |
MEDIUM
Network
|
-
|
-
|
A flaw has been found in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this issue is some unknown functionality of the file cps/cwa_functions.py of the component Admin Endpoint. This …
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-7714
|
2026-05-6 04:11 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4003
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in crocodilestick Calibre-Web-Automated up to 4.0.6. Affected by this vulnerability is the function generate_auth_token of the file cps/kobo_auth.py of the component Kobo…
|
CWE-266
CWE-285
Incorrect Privilege Assignment
Improper Authorization
|
CVE-2026-7713
|
2026-05-6 04:11 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4004
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpo…
|
CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-7733
|
2026-05-6 04:11 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4005
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in Open5GS up to 2.7.7. Affected is the function udm_nudr_dr_handle_subscription_authentication of the file /src/udm/nudr-handler.c of the component authentication…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7779
|
2026-05-6 04:10 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4006
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udm_state_operational of the file /src/udm/udm-sm.c of the component smf-registrations Endpoint. …
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7780
|
2026-05-6 04:10 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4007
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udm_nudm_uecm_handle_amf_registration_update of the file /src/udm/nudm-handler.c of the compo…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7781
|
2026-05-6 04:10 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4008
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The mani…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7782
|
2026-05-6 04:10 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4009
|
- |
|
-
|
-
|
An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend.
…
|
CWE-89
SQL Injection
|
CVE-2026-5394
|
2026-05-6 03:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4010
|
9.8 |
CRITICAL
Network
|
synway
|
smg_gateway_management_software
|
Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and in…
|
CWE-78
OS Command
|
CVE-2025-71284
|
2026-05-6 03:09 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
