|
851
|
8.7 |
HIGH
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermo…
New
|
CWE-200
Information Exposure
|
CVE-2026-6346
|
2026-05-19 03:39 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
852
|
7.6 |
HIGH
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a su…
New
|
CWE-200
Information Exposure
|
CVE-2026-6347
|
2026-05-19 03:39 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
853
|
9.8 |
CRITICAL
Network
|
radare
|
radare2
|
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed b…
Update
|
CWE-416
Use After Free
|
CVE-2026-8695
|
2026-05-19 03:38 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
854
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, a…
Update
|
CWE-672
Operation on a Resource after Expiration or Release
|
CVE-2026-4053
|
2026-05-19 03:37 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
855
|
6.5 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG fi…
Update
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-4054
|
2026-05-19 03:36 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
856
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument client_pool …
Update
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8731
|
2026-05-19 03:35 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
857
|
9.1 |
CRITICAL
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is no…
Update
|
CWE-287
NVD-CWE-noinfo
Improper Authentication
|
CVE-2026-44551
|
2026-05-19 03:35 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
858
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A vulnerability was detected in Open5GS up to 2.7.7. This affects an unknown function in the library /lib/sbi/message.c of the component NRF. Performing a manipulation of the argument service-names/s…
Update
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8729
|
2026-05-19 03:35 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
859
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discovery_option_parse_plmn_list in the library /lib/sbi/conv.c of the component NRF. S…
Update
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8728
|
2026-05-19 03:35 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
860
|
4.3 |
MEDIUM
Network
|
tp-link
|
tl-wr720n_firmware
|
TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attacker…
Update
|
CWE-352
Origin Validation Error
|
CVE-2018-25321
|
2026-05-19 03:34 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
