| 3501 | 6.5 | MEDIUM, Network | struktur | libheif | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer und… | CWE-125 (Out-of-bounds Read), CWE-476 (NULL Pointer Dereference) | CVE-2026-32738 | 2026-05-20 23:17 | 2026-05-20 |
| 3502 | 6.5 | MEDIUM, Network | struktur | libheif | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 1… | CWE-835 (Loop with Unreachable Exit Condition ('Infinite Loop')) | CVE-2026-32739 | 2026-05-20 23:17 | 2026-05-20 |
| 3503 | 6.1 | MEDIUM, Network | - | - | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 11.3.… | CWE-79 (Cross-site Scripting) | CVE-2026-6367 | 2026-05-20 23:17 | 2026-05-20 |
| 3504 | 6.1 | MEDIUM, Network | - | - | Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0… | CWE-79 (Cross-site Scripting) | CVE-2026-6365 | 2026-05-20 23:17 | 2026-05-20 |
| 3505 | 6.1 | MEDIUM, Network | - | - | Template::Plugin::HTML versions through 3.102 for Perl allow HTML and JavaScript to be injected. The html_filter function did not escape single quotes. HTML attributes inside of single quotes could… | CWE-79 (Cross-site Scripting) | CVE-2026-5090 | 2026-05-20 23:17 | 2026-05-20 |
| 3506 | 6.8 | MEDIUM, Network | - | - | Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, al… | CWE-22 (Path Traversal), CWE-73 (External Control of File Name or Path) | CVE-2026-35593 | 2026-05-20 23:16 | 2026-05-20 |
| 3507 | 6.8 | MEDIUM, Network | - | - | EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later… | CWE-79 (Cross-site Scripting) | CVE-2026-33741 | 2026-05-20 23:16 | 2026-05-20 |
| 3508 | 6.5 | MEDIUM, Network | - | - | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to … | CWE-200 (Information Exposure), CWE-908 (Use of Uninitialized Resource) | CVE-2026-32814 | 2026-05-20 23:16 | 2026-05-20 |
| 3509 | 9.1 | CRITICAL, Network | - | - | API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records (including bcrypt p… | CWE-306 (Missing Authentication for Critical Function) | CVE-2026-31071 | 2026-05-20 23:16 | 2026-05-20 |
| 3510 | 9.8 | CRITICAL, Network | - | - | The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/… | CWE-269 (Improper Privilege Management) | CVE-2026-31070 | 2026-05-20 23:16 | 2026-05-20 |