Common Vulnerabilities and Exposures (CVE)

CVE-2025-56568

Apr 30, 2026 19:37:56 UTC

Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP mes...

CVE-2025-46115

Apr 30, 2026 19:23:47 UTC

An issue in Open5GS v.2.7.3 allows a remote attacker to cause a denial of service via a crafted PDU Session Modification Request.

CVE-2026-24905

Apr 30, 2026 19:21:40 UTC

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The `ig` binary provides a subcommand for image building, used to generate custom gadget OCI image...

CVE-2026-40904

Apr 30, 2026 19:12:25 UTC

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes multiple dataset and dataRequest endpoints that authorize low-privileged proj...

CVE-2026-40603

Apr 30, 2026 19:04:07 UTC

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes a legacy dashboard route that returns a project's report data to any authenti...

CVE-2026-40595

Apr 30, 2026 19:02:16 UTC

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export routes that only verify project-level publi...

CVE-2026-40600

Apr 30, 2026 18:51:59 UTC

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to one project to update or delete a SharePoli...

CVE-2026-36766

Apr 30, 2026 18:36:13 UTC

Multiple authenticated cross-site scripting (XSS) vulnerabilities in the XssHttpServletRequestWrapper class of shopizer v3.2.5 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the getInputStream...

CVE-2026-5080

Apr 30, 2026 18:29:20 UTC

Dancer::Session::Abstract versions through 1.3522 for Perl generate session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the bu...

CVE-2022-50993

Apr 30, 2026 18:24:11 UTC

Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST reques...

CVE-2026-40601

Apr 30, 2026 18:22:43 UTC

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart_id/query without authentication. The endpoint only che...

CVE-2026-36758

Apr 30, 2026 18:11:52 UTC

A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.

CVE-2025-71284

Apr 30, 2026 18:06:54 UTC

Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly into a sed command wi...

CVE-2026-36759

Apr 30, 2026 18:05:40 UTC

A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.

CVE-2026-36757

Apr 30, 2026 17:56:51 UTC

A Server-Side Request Forgery (SSRF) in the /plugins/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.