|
5411
|
5.5 |
MEDIUM
Local
|
python
|
pillow
|
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-42310
|
2026-05-13 02:55 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5412
|
4.7 |
MEDIUM
Local
|
apple
|
ipados
iphone_os
macos
visionos
|
A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, …
|
CWE-362
Race Condition
|
CVE-2026-43659
|
2026-05-13 02:51 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5413
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
watchos
|
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing a maliciously crafted image…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-43661
|
2026-05-13 02:51 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5414
|
7.5 |
HIGH
Network
|
open5gs
|
open5gs
|
A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such mani…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8222
|
2026-05-13 02:49 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5415
|
7.5 |
HIGH
Network
|
open5gs
|
open5gs
|
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of …
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8224
|
2026-05-13 02:48 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5416
|
9.8 |
CRITICAL
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by…
|
CWE-89
SQL Injection
|
CVE-2025-14179
|
2026-05-13 02:48 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5417
|
9.8 |
CRITICAL
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global m…
|
CWE-416
Use After Free
|
CVE-2026-6722
|
2026-05-13 02:48 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5418
|
6.1 |
MEDIUM
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause t…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6735
|
2026-05-13 02:43 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5419
|
7.5 |
HIGH
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-7258
|
2026-05-13 02:41 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5420
|
6.5 |
MEDIUM
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, re…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-7259
|
2026-05-13 02:40 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
