|
1621
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function udm_state_operational of the file /src/udm/udm-sm.c of the component smf-registrations Endpoint. …
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7780
|
2026-05-6 04:10 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1622
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A security vulnerability has been detected in Open5GS up to 2.7.7. Affected by this issue is the function udm_nudm_uecm_handle_amf_registration_update of the file /src/udm/nudm-handler.c of the compo…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-7781
|
2026-05-6 04:10 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1623
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The mani…
|
CWE-285
CWE-639
Improper Authorization
Authorization Bypass Through User-Controlled Key
|
CVE-2026-7782
|
2026-05-6 04:10 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1624
|
- |
|
-
|
-
|
An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend.
…
|
CWE-89
SQL Injection
|
CVE-2026-5394
|
2026-05-6 03:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1625
|
9.8 |
CRITICAL
Network
|
synway
|
smg_gateway_management_software
|
Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and in…
|
CWE-78
OS Command
|
CVE-2025-71284
|
2026-05-6 03:09 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1626
|
8.0 |
HIGH
Network
|
jenkins
|
html_publisher
|
Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42524
|
2026-05-6 03:06 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1627
|
9.0 |
CRITICAL
Network
|
jenkins
|
github
|
Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42523
|
2026-05-6 03:06 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1628
|
5.9 |
MEDIUM
Network
|
elastic
|
elastic_package_registry
|
Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served t…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-33467
|
2026-05-6 02:55 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1629
|
4.4 |
MEDIUM
Local
|
oracle
|
linux
|
An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-35233
|
2026-05-6 02:46 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1630
|
5.5 |
MEDIUM
Local
|
oracle
|
linux
|
An unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in Pbuild_file_symtab()
|
CWE-369
Divide By Zero
|
CVE-2026-21996
|
2026-05-6 02:45 |
2026-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
