|
6101
|
7.5 |
HIGH
Network
|
kazeburo
|
gazelle
|
Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence.
Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both head…
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-40562
|
2026-05-12 00:04 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6102
|
8.8 |
HIGH
Network
|
cern
|
rucio
|
### Summary
A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticate…
|
CWE-89
SQL Injection
|
CVE-2026-29090
|
2026-05-12 00:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6103
|
8.8 |
HIGH
Network
|
openmrs
|
openmrs
|
OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST `/openmrs/ws/rest/v1/modul…
|
CWE-22
Path Traversal
|
CVE-2026-40076
|
2026-05-11 23:55 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6104
|
4.3 |
MEDIUM
Network
|
weblate
|
weblate
|
Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has…
|
CWE-80
Basic XSS
|
CVE-2026-44264
|
2026-05-11 23:50 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6105
|
9.1 |
CRITICAL
Network
|
thecodingmachine
|
gotenberg
|
Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsani…
|
CWE-88
Argument Injection
|
CVE-2026-40281
|
2026-05-11 23:46 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6106
|
5.5 |
MEDIUM
Local
|
hp
|
samsung_print_service_plugin
|
Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate …
|
CWE-926
NVD-CWE-noinfo
Improper Export of Android Application Components
|
CVE-2026-3291
|
2026-05-11 23:43 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6107
|
5.4 |
MEDIUM
Network
|
phpoffice
|
phpspreadsheet
|
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a c…
|
CWE-79
Cross-site Scripting
|
CVE-2026-40296
|
2026-05-11 23:42 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6108
|
5.3 |
MEDIUM
Network
|
opentelemetry
|
opentelemetry.exporter.zipkin
|
OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span a…
|
CWE-400
CWE-770
Uncontrolled Resource Consumption
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41310
|
2026-05-11 23:40 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6109
|
5.3 |
MEDIUM
Network
|
netty
|
netty
|
Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`. The constructors reject CRLF …
|
CWE-93
CWE-444
CRLF Injection
HTTP Request Smuggling
|
CVE-2026-41417
|
2026-05-11 23:29 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6110
|
5.5 |
MEDIUM
Local
|
open5gs
|
open5gs
|
A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation resul…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8119
|
2026-05-11 23:29 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
