|
291
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnap_service of the component HNAP Service. The manipu…
New
|
CWE-119 CWE-120
Incorrect Access of Indexable Resource ('Range Error'); Classic Buffer Overflow
|
CVE-2026-8260
|
2026-05-12 00:06 |
2026-05-11 |
|
292
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was identified in D-Link DNS-320 2.06B01. The impacted element is the function cgi_speed/cgi_dhcpd_lease/cgi_ddns/cgi_set_ip/cgi_upnp_del/cgi_dhcpd/cgi_upnp_add/cgi_upnp_edit of the f…
New
|
CWE-77 CWE-78
Command Injection; OS Command
|
CVE-2026-8271
|
2026-05-12 00:05 |
2026-05-11 |
|
293
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A security flaw has been discovered in D-Link DNS-320 2.06B01. This affects the function delete/rename/copy/move/chmod/chown of the file /cgi-bin/webfile_mgr.cgi. The manipulation results in os comma…
New
|
CWE-77 CWE-78
Command Injection; OS Command
|
CVE-2026-8272
|
2026-05-12 00:05 |
2026-05-11 |
|
294
|
7.5 |
HIGH
Network
|
kazeburo
|
gazelle
|
Gazelle versions through 0.49 for Perl allow HTTP Request Smuggling via Improper Header Precedence.
Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both head…
Update
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-40562
|
2026-05-12 00:04 |
2026-05-6 |
|
295
|
8.8 |
HIGH
Network
|
cern
|
rucio
|
A SQL injection vulnerability exists in Rucio versions 1.30.0 and later before 35.8.5, 38.5.5, 39.4.2, and 40.1.1, in `FilterEngine.create_postgres_query()`. This allows any authenticate…
Update
|
CWE-89
SQL Injection
|
CVE-2026-29090
|
2026-05-12 00:00 |
2026-05-7 |
|
296
|
8.8 |
HIGH
Network
|
openmrs
|
openmrs
|
OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the module upload endpoint at POST `/openmrs/ws/rest/v1/modul…
Update
|
CWE-22
Path Traversal
|
CVE-2026-40076
|
2026-05-11 23:55 |
2026-05-7 |
|
297
|
4.3 |
MEDIUM
Network
|
weblate
|
weblate
|
Weblate is a web-based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has…
Update
|
CWE-80
Basic XSS
|
CVE-2026-44264
|
2026-05-11 23:50 |
2026-05-8 |
|
298
|
9.1 |
CRITICAL
Network
|
thecodingmachine
|
gotenberg
|
Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsani…
Update
|
CWE-88
Argument Injection
|
CVE-2026-40281
|
2026-05-11 23:46 |
2026-05-7 |
|
299
|
5.5 |
MEDIUM
Local
|
hp
|
samsung_print_service_plugin
|
Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate …
Update
|
CWE-926 NVD-CWE-noinfo
Improper Export of Android Application Components
|
CVE-2026-3291
|
2026-05-11 23:43 |
2026-05-7 |
|
300
|
5.4 |
MEDIUM
Network
|
phpoffice
|
phpspreadsheet
|
PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. The HTML writer skips htmlspecialchars escaping when a cell's formatted value differs from the original value. When a c…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-40296
|
2026-05-11 23:42 |
2026-05-7 |
|