|
3281
|
8.8 |
HIGH
Network
|
cern
|
rucio
|
A SQL injection vulnerability in `FilterEngine.create_sqla_query()` allows any authenticated Rucio user to execute arbitrary SQL against the backend database through the DID search endpoint (`GET /di…
|
CWE-89
SQL Injection
|
CVE-2026-29080
|
2026-05-12 00:07 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3282
|
7.5 |
HIGH
Network
|
google
|
android
|
In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
|
NVD-CWE-noinfo
|
CVE-2025-71256
|
2026-05-12 00:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3283
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the f…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-8271
|
2026-05-12 00:05 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3284
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os comma…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-8272
|
2026-05-12 00:05 |
2026-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3285
|
7.5 |
HIGH
Network
|
kazeburo
|
gazelle
|
Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence.
Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both head…
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-40562
|
2026-05-12 00:04 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3286
|
8.8 |
HIGH
Network
|
cern
|
rucio
|
### Summary
A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticate…
|
CWE-89
SQL Injection
|
CVE-2026-29090
|
2026-05-12 00:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3287
|
8.8 |
HIGH
Network
|
openmrs
|
openmrs
|
OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST `/openmrs/ws/rest/v1/modul…
|
CWE-22
Path Traversal
|
CVE-2026-40076
|
2026-05-11 23:55 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3288
|
4.3 |
MEDIUM
Network
|
weblate
|
weblate
|
Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has…
|
CWE-80
Basic XSS
|
CVE-2026-44264
|
2026-05-11 23:50 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3289
|
9.1 |
CRITICAL
Network
|
thecodingmachine
|
gotenberg
|
Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsani…
|
CWE-88
Argument Injection
|
CVE-2026-40281
|
2026-05-11 23:46 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3290
|
5.5 |
MEDIUM
Local
|
hp
|
samsung_print_service_plugin
|
Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate …
|
CWE-926
NVD-CWE-noinfo
Improper Export of Android Application Components
|
CVE-2026-3291
|
2026-05-11 23:43 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
