|
2301
|
7.5 |
HIGH
Network
|
apple
|
ipados
iphone_os
macos
tvos
watchos
|
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing a maliciously crafted image…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-43661
|
2026-05-13 02:51 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2302
|
7.5 |
HIGH
Network
|
open5gs
|
open5gs
|
A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such mani…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8222
|
2026-05-13 02:49 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2303
|
7.5 |
HIGH
Network
|
open5gs
|
open5gs
|
A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of …
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8224
|
2026-05-13 02:48 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2304
|
9.8 |
CRITICAL
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by…
|
CWE-89
SQL Injection
|
CVE-2025-14179
|
2026-05-13 02:48 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2305
|
9.8 |
CRITICAL
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global m…
|
CWE-416
Use After Free
|
CVE-2026-6722
|
2026-05-13 02:48 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2306
|
6.1 |
MEDIUM
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause t…
|
CWE-79
Cross-site Scripting
|
CVE-2026-6735
|
2026-05-13 02:43 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2307
|
7.5 |
HIGH
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-7258
|
2026-05-13 02:41 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2308
|
6.5 |
MEDIUM
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to a NULL pointer dereference, re…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-7259
|
2026-05-13 02:40 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2309
|
9.8 |
CRITICAL
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted acr…
|
CWE-416
Use After Free
|
CVE-2026-7261
|
2026-05-13 02:40 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2310
|
7.5 |
HIGH
Network
|
php
|
php
|
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which check…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-7262
|
2026-05-13 02:39 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
