📡 NVD-Latest · 2026-05-07 CVE-2026-41554 (CVSS 7.1) - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti CVE-2026-41554 CVE-2026-41554 CVSS:7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44788 - SharpCompress has directory traversal via directory entries in WriteToDirectory CVE-2026-44788 GHSA-6c8g-7p36-r338 MEDIUM nuget/SharpCompress CVE: CVE-2026-44788 Summary A path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escalated to arbitrary file

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44900 - epa4all-client has a VAU Signature bypass CVE-2026-44900 GHSA-g8r3-5hwf-qp96 HIGH maven/com.oviva.telematik:epa4all-client CVE: CVE-2026-44900 Impact In SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify(). The method performs certificate chain validation, OCSP check, and signature algorithm

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44896 - Mistune has XSS via unescaped figclass/figwidth in Figure directive CVE-2026-44896 GHSA-58cw-g322-p94v MEDIUM pip/mistune CVE: CVE-2026-44896 In src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options directly into HTML attributes without escaping (lines 152-168). This allows attribute injection and XSS

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44708 - Mistune Math Plugin has an XSS Escape Bypass CVE-2026-44708 GHSA-8g87-j6q8-g93x MEDIUM pip/mistune CVE: CVE-2026-44708 Summary The mistune math plugin renders inline math ($...$) and block math ($$...$$) by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44837 - view_component: System Test Entry Point Path Check Allows Sibling Directory Esca CVE-2026-44837 GHSA-hg3h-g7xc-f7vp MEDIUM rubygems/view_component CVE: CVE-2026-44837 Summary The system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path. This

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44836 - view_component: Preview Route Can Dispatch Inherited Helper Methods CVE-2026-44836 GHSA-7f3r-gwc9-2995 MEDIUM rubygems/view_component CVE: CVE-2026-44836 Summary The preview route derives an example name from the URL and calls it with public_send. The code does not verify that the requested method is one of

📡 GitHub-Advisory · 2026-05-08 GHSA-mv93-w799-cj2w - GitPython: Newline injection in config_writer() section parameter bypasses CVE-2 CVE-2026-42215 GHSA-mv93-w799-cj2w HIGH pip/GitPython CVE: Summary The patch for CVE-2026-42215 (GitPython 3.1.49) validates newlines only in the value parameter of set_value(). The section and option parameters are passed to configparser without any

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44844 - eml_parser has recursion DoS via nested message/rfc822 attachments CVE-2026-44844 GHSA-g47v-rwmh-r9f8 MEDIUM pip/eml_parser CVE: CVE-2026-44844 Summary EmlParser.get_raw_body_text() recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who can supply a badly crafted EML file

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44843 - LangChain vulnerable to unsafe deserialization of attacker-controlled objects th CVE-2026-44843 GHSA-pjwx-r37v-7724 HIGH pip/langchain-core CVE: CVE-2026-44843 LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object allowlists. These paths may call load() with allowed_objects="

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44330 - free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens ca CVE-2026-44330 GHSA-rwww-x45w-p52w CRITICAL go/github.com/free5gc/nef CVE: CVE-2026-44330 Summary free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44329 - free5GC's SMF UPI management interface lacks auth middleware; unauthenticated to CVE-2026-44329 GHSA-3258-qmv8-frp3 CRITICAL go/github.com/free5gc/smf CVE: CVE-2026-44329 Summary free5GC's SMF mounts the UPI management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44328 - free5GC's SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion v CVE-2026-44328 GHSA-p9mg-74mg-cwwr HIGH go/github.com/free5gc/smf CVE: CVE-2026-44328 Summary free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware (same root cause as the broader

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44327 - free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach t CVE-2026-44327 GHSA-cmpj-2x3g-m7g3 CRITICAL go/github.com/free5gc/nef CVE: CVE-2026-44327 Summary free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44326 - free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged b CVE-2026-44326 GHSA-3p28-73q7-45xp CRITICAL go/github.com/free5gc/nef CVE: CVE-2026-44326 Summary free5GC's NEF mounts the 3gpp-traffic-influence API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44325 - free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser v CVE-2026-44325 GHSA-f8qv-7x5w-qr48 HIGH go/github.com/free5gc/nrf CVE: CVE-2026-44325 Summary free5GC's NRF root SBI endpoint POST /oauth2/token contains a parser-level type-confusion bug family. The handler in NFs/nrf/internal/sbi/api_

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44324 - free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing UE state via ni CVE-2026-44324 GHSA-jqfc-gwj5-3w63 MEDIUM go/github.com/free5gc/udr CVE: CVE-2026-44324 Summary free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler panics on a single authenticated request against a

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44323 - free5GC's UDR nudr-dr DELETE amf-subscriptions panics on missing subsId when UE CVE-2026-44323 GHSA-4rqf-grm6-vf75 MEDIUM go/github.com/free5gc/udr CVE: CVE-2026-44323 Summary free5GC's UDR nudr-dr DELETE /subscription-data/{ueId}/{servingPlmnId}/ee-subscriptions/{subsId}/amf-subscriptions handler contains a nil-pointer dereference reachable from a single authenticated

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44322 - free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR acces CVE-2026-44322 GHSA-j59f-x285-69jx HIGH go/github.com/free5gc/nef CVE: CVE-2026-44322 Summary free5GC's NEF PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId} handler panics with a nil-pointer dereference when the upstream UDR call

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44321 - free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping CVE-2026-44321 GHSA-44qj-cghf-9p97 HIGH go/github.com/free5gc/smf CVE: CVE-2026-44321 Summary free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware (same root cause as free5gc/free5gc#

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44320 - free5GC's NEF nnef-callback route group is unauthenticated; forged callback requ CVE-2026-44320 GHSA-wqfh-gq79-j8mf HIGH go/github.com/free5gc/nef CVE: CVE-2026-44320 Summary free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token (e.g. Authorization:

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44318 - free5GC's BSF concurrent PUT /nbsf-management/v1/subscriptions/{subId} crashes t CVE-2026-44318 GHSA-27ph-8q4f-h7m7 MEDIUM go/github.com/free5gc/bsf CVE: CVE-2026-44318 Summary free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write on the global Subscriptions map. The handler first reads

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44317 - free5GC's PCF npcf-policyauthorization POST /app-sessions panics on suppFeat=1 w CVE-2026-44317 GHSA-wwqh-7jm5-gj7w MEDIUM go/github.com/free5gc/pcf CVE: CVE-2026-44317 Summary free5GC's PCF POST /npcf-policyauthorization/v1/app-sessions handler panics on a single authenticated request whose ascReqData.suppFeat == "1" (enabling traffic-routing

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44316 - free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/Op CVE-2026-44316 GHSA-wr8j-6chw-gm6p HIGH go/github.com/free5gc/pcf CVE: CVE-2026-44316 Summary free5GC's PCF POST /npcf-smpolicycontrol/v1/sm-policies handler (HandleCreateSmPolicyRequest) panics with a nil-pointer dereference when a downstream OpenAPI consumer call (UDR lookup)

📡 GitHub-Advisory · 2026-05-08 CVE-2026-44315 - free5GC's NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens c CVE-2026-44315 GHSA-5f62-53r8-qrqf CRITICAL go/github.com/free5gc/nef CVE: CVE-2026-44315 Summary free5GC's NEF mounts the 3gpp-pfd-management API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI