|
2531
|
4.3 |
MEDIUM
Network
|
weblate
|
weblate
|
Weblate is a web-based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has…
|
CWE-80
Basic XSS
|
CVE-2026-44264
|
2026-05-11 23:50 |
2026-05-8 |
|
2532
|
9.1 |
CRITICAL
Network
|
thecodingmachine
|
gotenberg
|
Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsani…
|
CWE-88
Argument Injection
|
CVE-2026-40281
|
2026-05-11 23:46 |
2026-05-7 |
|
2533
|
5.5 |
MEDIUM
Local
|
hp
|
samsung_print_service_plugin
|
Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate …
|
CWE-926, NVD-CWE-noinfo
Improper Export of Android Application Components
|
CVE-2026-3291
|
2026-05-11 23:43 |
2026-05-7 |
|
2534
|
5.4 |
MEDIUM
Network
|
phpoffice
|
phpspreadsheet
|
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a c…
|
CWE-79
Cross-site Scripting
|
CVE-2026-40296
|
2026-05-11 23:42 |
2026-05-7 |
|
2535
|
5.3 |
MEDIUM
Network
|
opentelemetry
|
opentelemetry.exporter.zipkin
|
OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span a…
|
CWE-400, CWE-770
Uncontrolled Resource Consumption; Allocation of Resources Without Limits or Throttling
|
CVE-2026-41310
|
2026-05-11 23:40 |
2026-05-7 |
|
2536
|
5.3 |
MEDIUM
Network
|
netty
|
netty
|
Netty allows request-line validation to be bypassed when a `DefaultHttpRequest` or `DefaultFullHttpRequest` is created first and its URI is later changed via `setUri()`. The constructors reject CRLF …
|
CWE-93, CWE-444
CRLF Injection; HTTP Request Smuggling
|
CVE-2026-41417
|
2026-05-11 23:29 |
2026-05-7 |
|
2537
|
5.5 |
MEDIUM
Local
|
open5gs
|
open5gs
|
A vulnerability was detected in Open5GS up to 2.7.7. Impacted is the function ogs_sbi_stream_find_by_id in the library /lib/sbi/nghttp2-server.c of the component NSSF. Performing a manipulation resul…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8119
|
2026-05-11 23:29 |
2026-05-8 |
|
2538
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A flaw has been found in Open5GS up to 2.7.7. The affected element is the function nssf_nnrf_nsselection_handle_get_from_amf_or_vnssf of the file /src/nssf/nnssf-handler.c of the component NSSF. Exec…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8120
|
2026-05-11 23:28 |
2026-05-8 |
|
2539
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
x86/kexec: add a sanity check on previous kernel's ima kexec buffer
When the second-stage kernel is booted via kexec with a limit…
|
NVD-CWE-noinfo
|
CVE-2026-43240
|
2026-05-11 23:27 |
2026-05-6 |
|
2540
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A vulnerability has been found in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_parse_plmn_list in the library /lib/sbi/conv.c of the component NSSF. The manipulation leads to den…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8121
|
2026-05-11 23:26 |
2026-05-8 |