CVE Field Guide

Critical CVEs

| CVE | Title | Updated | Score |
| --- | --- | --- | --- |
| CVE-2026-6722 | Use-After-Free in SOAP using Apache map | 10.05.2026 | 9.5 |
| CVE-2026-42569 | phpvms: /importer authorization bypass causing full database wipe | 09.05.2026 | 9.4 |
| CVE-2026-42571 | Privilege Escalation Attack affecting Pelican Web UI | 09.05.2026 | 9 |
| CVE-2026-42601 | ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView | 09.05.2026 | 9.3 |
| CVE-2026-42560 | auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation | 09.05.2026 | 9.1 |
| CVE-2026-44313 | LinkWarden: Server-Side Request Forgery (SSRF) in Link Creation via fetchTitleAndHeaders Function | 08.05.2026 | 9.1 |
| CVE-2026-42354 | Sentry: Improper authentication on SAML SSO process allows user identity linking | 08.05.2026 | 9.1 |
| CVE-2026-42454 | Termix: OS Command Injection in Docker Container Management Endpoints | 08.05.2026 | 9.9 |
| CVE-2026-42298 | Postiz: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev | 08.05.2026 | 10 |
| CVE-2026-42302 | FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox | 08.05.2026 | 9.8 |
| CVE-2026-42287 | Emlog: SQL Injection Vulnerability in log_model.php within addLog() and updateLog() Functions | 08.05.2026 | 10 |
| CVE-2026-42193 | Plunk: SNS webhook forgery | 08.05.2026 | 9.1 |
| CVE-2026-42160 | Data Space Portal: Incorrect Authorization and Client-Side Enforcement of Server-Side Security in ghcr.io/sovity/ds-portal-ce-backend | 08.05.2026 | 10 |
| CVE-2026-8178 | Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver | 08.05.2026 | 9.2 |
| CVE-2026-42072 | Nornicdb: Improper Network Binding in NornicDB Bolt Server allows unauthorized remote access | 08.05.2026 | 9.8 |
| CVE-2026-41070 | openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access | 08.05.2026 | 10 |
| CVE-2026-41574 | Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass | 08.05.2026 | 9.3 |
| CVE-2026-41583 | ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling | 08.05.2026 | 9.3 |
| CVE-2026-41584 | ZEBRA: rk Identity Point Panic in Transaction Verification | 08.05.2026 | 9.2 |
| CVE-2026-41588 | RELATE: Timing Attack Vulnerability in course/auth.py — check_sign_in_key() | 08.05.2026 | 9 |
| CVE-2026-44497 | ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer | 08.05.2026 | 9.3 |
| CVE-2026-44498 | ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops | 08.05.2026 | 9.2 |
| CVE-2026-41497 | Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI | 08.05.2026 | 9.8 |
| CVE-2026-41507 | Remote Code Execution (RCE) via String Literal Injection into math-codegen | 08.05.2026 | 9.8 |
| CVE-2026-41512 | Remote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService` | 08.05.2026 | 9.9 |
| CVE-2026-44126 | Insecure deserialization | 08.05.2026 | 9.2 |
| CVE-2026-44336 | PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection | 08.05.2026 | 9.4 |
| CVE-2026-44125 | Missing Authorization in GINAv2 | 08.05.2026 | 9.3 |
| CVE-2026-44128 | Unauthenticated Remote Code Execution | 08.05.2026 | 9.3 |
| CVE-2022-50994 | DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi | 08.05.2026 | 9.2 |
| CVE-2026-8076 | Weak credentials vulnerability in the CashDro 3 web administration panel | 08.05.2026 | 9.3 |
| CVE-2026-8153 | Command injection in Dashboard Server interface | 08.05.2026 | 9.8 |
| CVE-2026-6213 | Remote Spark SparkView RCE | 08.05.2026 | 10 |
| CVE-2026-41500 | electerm has Command Injection Vulnerability via runMac function | 08.05.2026 | 9.8 |
| CVE-2026-41501 | electerm has Command Injection Vulnerability via runLinux function | 08.05.2026 | 9.8 |
| CVE-2026-42208 | LiteLLM: SQL injection in Proxy API key verification | 09.05.2026 | 9.3 |
| CVE-2026-43941 | Unvalidated shell.openExternal in electerm allows arbitrary protocol execution via terminal link click | 08.05.2026 | 9.6 |
| CVE-2026-43944 | electerm: dangerous code can be run through links or command line | 08.05.2026 | 9.4 |
| CVE-2026-42880 | ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction | 08.05.2026 | 9.6 |
| CVE-2026-33109 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | 09.05.2026 | 9.9 |
| CVE-2026-33823 | Microsoft Team Events Portal Information Disclosure Vulnerability | 08.05.2026 | 9.6 |
| CVE-2026-33844 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | 09.05.2026 | 9 |
| CVE-2026-35428 | Azure Cloud Shell Spoofing Vulnerability | 09.05.2026 | 9.6 |
| CVE-2026-42826 | Azure DevOps Information Disclosure Vulnerability | 09.05.2026 | 10 |
| CVE-2026-7891 |  | 08.05.2026 | 9.3 |
| CVE-2026-41902 | FreeScout's user invitation hash never expires: permanent unauthenticated account takeover if invite link leaks | 08.05.2026 | 9.1 |
| CVE-2026-7414 | Hardcoded credentials in Yarbo robot firmware | 07.05.2026 | 9.8 |
| CVE-2026-7415 | Open MQTT orchestration without read/write ACLs in Yarbo robot firmware | 07.05.2026 | 9.8 |
| CVE-2026-41589 | Wish has SCP Path Traversal that allows arbitrary file read/write | 07.05.2026 | 9.6 |
| CVE-2026-6795 | Open Redirect in DivvyDrive Information Technologies' DivvyDrive | 07.05.2026 | 9.6 |
| CVE-2026-5791 | CSRF in DivvyDrive Information Technologies' DivvyDrive | 07.05.2026 | 9.6 |
| CVE-2026-6508 | RCE in TUBITAK BILGEM's Liderahenk | 07.05.2026 | 9.8 |
| CVE-2026-33587 | Remote Code Execution (RCE) via Server-Side Template Injection (SSTI) | 07.05.2026 | 9.2 |
| CVE-2026-41586 | ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE | 07.05.2026 | 9.3 |
| CVE-2026-40982 |  | 09.05.2026 | 9.1 |
| CVE-2026-41201 | CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2 | 07.05.2026 | 9.1 |
| CVE-2026-41202 | ci4ms Backup::restore is vulnerable to Zip Slip leading to RCE | 07.05.2026 | 9.4 |
| CVE-2026-41203 | ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE | 07.05.2026 | 9.4 |
| CVE-2026-40281 | Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values | 07.05.2026 | 10 |
| CVE-2026-43575 | OpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route | 07.05.2026 | 9.2 |
| CVE-2026-43578 | OpenClaw 2026.3.31 < 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade | 07.05.2026 | 9.1 |
| CVE-2026-43581 | OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via Overly Broad CDP Relay Binding | 07.05.2026 | 9 |
| CVE-2026-43585 | OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution | 07.05.2026 | 9.2 |
| CVE-2026-44109 | OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation | 07.05.2026 | 9.2 |
| CVE-2026-40076 | OpenMRS Core arbitrary file write and code execution via Zip Slip in module upload | 07.05.2026 | 9.4 |
| CVE-2026-41930 | Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin | 08.05.2026 | 9.2 |
| CVE-2026-29090 | Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database | 06.05.2026 | 9 |
| CVE-2026-29080 | Rucio SQL Injection in FilterEngine Oracle JSON Path via DID Search API | 06.05.2026 | 9.4 |
| CVE-2026-7875 | NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachment Handling | 07.05.2026 | 9.3 |
| CVE-2026-43125 | dlm: validate length in dlm_search_rsb_tree | 08.05.2026 | 9.8 |
| CVE-2026-43185 | ksmbd: fix signededness bug in smb_direct_prepare_negotiation() | 08.05.2026 | 9.8 |
| CVE-2026-43186 | ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() | 08.05.2026 | 9.8 |
| CVE-2026-43197 | netconsole: avoid OOB reads, msg is not nul-terminated | 08.05.2026 | 9.1 |
| CVE-2026-43198 | tcp: fix potential race in tcp_v6_syn_recv_sock() | 08.05.2026 | 9.8 |
| CVE-2026-43208 | net: do not pass flow_id to set_rps_cpu() | 08.05.2026 | 9.8 |
| CVE-2026-43083 | net: ioam6: fix OOB and missing lock | 08.05.2026 | 9.1 |
| CVE-2026-43114 | netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry | 08.05.2026 | 9.4 |
| CVE-2026-43117 | btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() | 08.05.2026 | 9.1 |
| CVE-2026-34458 | Sandboxie-Plus privilege escalation via INI CRLF injection bypassing EditAdminOnly | 07.05.2026 | 9.3 |
| CVE-2026-40329 | SQL Injection vulnerability via sortBy in beanFeed | 06.05.2026 | 9.3 |
| CVE-2026-40330 | Masa CMS SQL injection via sortDirection parameter in beanFeed | 06.05.2026 | 9.3 |
| CVE-2026-40331 | Masa CMS unauthenticated SQL injection via altTable parameter in JSON API | 06.05.2026 | 9.3 |
| CVE-2026-33324 | SQLBot prompt injection allows arbitrary SQL execution and remote code execution | 05.05.2026 | 9.4 |
| CVE-2026-34084 | PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load | 05.05.2026 | 9.2 |
| CVE-2026-27960 | OpenCTI privilege escalation and unauthenticated access via default admin account | 06.05.2026 | 9.8 |
| CVE-2026-7854 | D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow | 06.05.2026 | 9.3 |
| CVE-2026-7853 | D-Link DI-8100 HTTP auto_reboot.asp sprintf buffer overflow | 05.05.2026 | 9.3 |
| CVE-2026-43067 | ext4: handle wraparound when searching for blocks for indirect mapped blocks | 08.05.2026 | 9.8 |
| CVE-2026-43071 | dcache: Limit the minimal number of bucket to two | 08.05.2026 | 9.1 |
| CVE-2026-7411 |  | 06.05.2026 | 10 |
| CVE-2026-7834 | EFM ipTIME NAS1dual misc_main.cgi get_csrf_whites stack-based overflow | 05.05.2026 | 9.3 |
| CVE-2023-54342 | Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution | 05.05.2026 | 9.3 |
| CVE-2023-54344 | Eclipse Equinox OSGi 3.7.2 Remote Code Execution via Console | 05.05.2026 | 9.3 |
| CVE-2026-43534 | OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events | 06.05.2026 | 9.3 |
| CVE-2026-43566 | OpenClaw 2026.4.7 < 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events | 05.05.2026 | 9.1 |
| CVE-2026-40797 | WordPress WebinarIgnition plugin <= 4.08.253 - SQL Injection vulnerability | 05.05.2026 | 9.3 |
| CVE-2026-7823 | Totolink A8000RU cstecgi.cgi setAppFilterCfg os command injection | 05.05.2026 | 9.3 |
| CVE-2026-5294 | GeekyBot <= 1.2.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation via 'geekybot_frontendajax' AJAX Action | 06.05.2026 | 9.8 |
| CVE-2025-13618 | Mentoring <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration | 05.05.2026 | 9.8 |
| CVE-2026-5722 | MoreConvert Pro <= 1.9.14 - Authentication Bypass via Waitlist Guest Verification Token Reuse | 05.05.2026 | 9.8 |
| CVE-2026-42238 | Unauthenticated Remote Code Execution via Backup Restore in nginx-ui | 05.05.2026 | 9 |
| CVE-2026-41922 | WDR201A WiFi Extender OS Command Injection via wireless.cgi | 08.05.2026 | 9.3 |
| CVE-2026-41923 | WDR201A WiFi Extender OS Command Injection via internet.cgi | 08.05.2026 | 9.3 |
| CVE-2026-41924 | WDR201A WiFi Extender OS Command Injection via makeRequest.cgi | 08.05.2026 | 9.3 |
| CVE-2026-41925 | WDR201A WiFi Extender OS Command Injection via adm.cgi (reboot_time) | 08.05.2026 | 9.3 |
| CVE-2026-41926 | WDR201A WiFi Extender OS Command Injection via firewall.cgi | 08.05.2026 | 9.3 |
| CVE-2026-42231 | n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE | 05.05.2026 | 9.4 |
| CVE-2026-42232 | n8n: XML Node Prototype Pollution to RCE | 05.05.2026 | 9.4 |
| CVE-2026-41571 | Note Mark: OIDC-registered users authenticated by submitting password "null" | 04.05.2026 | 9.4 |
| CVE-2026-42087 | OpenC3 COSMOS: SQL Injection in QuestDB Time-Series Data Base | 05.05.2026 | 9.6 |
| CVE-2026-42088 | OpenC3 COSMOS: Administrative Actions via the Script Runner Tool | 04.05.2026 | 9.6 |
| CVE-2026-42796 | Arelle < 2.39.10 Unauthenticated RCE via /rest/configure | 04.05.2026 | 9.2 |
| CVE-2026-24118 | VM2 Sandbox Breakout Through __lookupGetter__ | 04.05.2026 | 9.8 |
| CVE-2026-24120 | vm2: Sandbox Breakout Through Promise Species | 05.05.2026 | 9.8 |
| CVE-2026-24781 | vm2: Sandbox Breakout Through Inspect | 04.05.2026 | 9.8 |
| CVE-2026-25293 | Incorrect authorization in PLC FW | 05.05.2026 | 9.6 |
| CVE-2026-26332 | vm2: Sandbox Escape | 04.05.2026 | 9.8 |
| CVE-2026-26956 | vm2: WASM Sandbox Escape (Node 25 only) | 05.05.2026 | 9.8 |
| CVE-2026-42076 | Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution | 05.05.2026 | 9.8 |
| CVE-2026-42090 | Notesnook: RCE via stored XSS in note export rendering | 05.05.2026 | 9.6 |
| CVE-2026-42810 | Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names | 04.05.2026 | 9.4 |
| CVE-2026-42811 | Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions | 04.05.2026 | 9.4 |
| CVE-2026-42373 | D-Link DIR-605L B2 Hardcoded Telnet Backdoor Credentials | 05.05.2026 | 9.8 |
| CVE-2026-42374 | D-Link DIR-600L B1 Hardcoded Telnet Backdoor Credentials | 05.05.2026 | 9.8 |
| CVE-2026-42375 | D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials | 05.05.2026 | 9.8 |
| CVE-2026-42376 | D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials | 04.05.2026 | 9.8 |
| CVE-2026-42809 | Apache Polaris: staged table creation could vend storage credentials for unvalidated locations | 04.05.2026 | 9.4 |
| CVE-2026-42812 | Apache Polaris: No protection on `write.metadata.path` | 04.05.2026 | 9.4 |
| CVE-2025-13605 | Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway | 04.05.2026 | 9.3 |
| CVE-2025-14320 | XSS in Tegsoft's Online Support Application | 04.05.2026 | 9.8 |
| CVE-2026-7747 | Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow | 04.05.2026 | 9.3 |
| CVE-2026-29200 |  | 04.05.2026 | 9.9 |
| CVE-2026-7719 | Totolink WA300 POST Request cstecgi.cgi loginauth buffer overflow | 05.05.2026 | 9.3 |
| CVE-2026-42364 | GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerability | 05.05.2026 | 9.9 |
| CVE-2026-42368 | GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability | 05.05.2026 | 9.9 |
| CVE-2026-42369 | GeoVision GV-VMS V20 WebCam Server stack overflow vulnerability | 05.05.2026 | 10 |
| CVE-2026-42370 | GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability | 05.05.2026 | 9 |
| CVE-2026-7161 | GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability | 05.05.2026 | 9.3 |
| CVE-2026-7372 | GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability | 05.05.2026 | 9 |

Latest Updates

| CVE | Title | Updated | Score |
| --- | --- | --- | --- |
| CVE-2026-45186 |  | 10.05.2026 | 2.9 |
| CVE-2026-8234 | EFM ipTIME A8004T WifiBasicSet formWifiBasicSet stack-based overflow | 10.05.2026 |  |
| CVE-2026-8235 | 8421bit MiniClaw System kernel.ts resolveSkillScriptPath os command injection | 10.05.2026 |  |
| CVE-2026-6104 | Global buffer over-read in mb_convert_encoding() with attacker-supplied encoding | 10.05.2026 |  |
| CVE-2026-7263 | DoS attack via DOMNode::C14N() | 10.05.2026 |  |
| CVE-2026-8231 | CodeAstro Online Catering Ordering System deleteorder.php sql injection | 10.05.2026 |  |
| CVE-2026-8232 | Dotouch XproUPF UPF Process libvlib.so vlib_worker_loop denial of service | 10.05.2026 |  |
| CVE-2026-8233 | Dotouch XproUPF access control | 10.05.2026 |  |
| CVE-2025-14179 | SQL injection in pdo_firebird via NUL bytes in quoted strings | 10.05.2026 |  |
| CVE-2026-6722 | Use-After-Free in SOAP using Apache map | 10.05.2026 |  |
| CVE-2026-6735 | XSS within PHP-FPM status endpoint | 10.05.2026 |  |
| CVE-2026-7258 | Out-of-bounds read in urldecode() on NetBSD | 10.05.2026 |  |
| CVE-2026-7259 | Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() | 10.05.2026 |  |
| CVE-2026-7261 | SoapServer session-persisted object use-after-free via SOAP header fault | 10.05.2026 |  |
| CVE-2026-7262 | NULL pointer dereference in SOAP apache:Map decoder with missing <value> | 10.05.2026 |  |
| CVE-2026-7568 | Signed integer overflow in metaphone() | 10.05.2026 |  |
| CVE-2026-8225 | Open5GS delete Endpoint sm-sm.c pcf_npcf_smpolicycontrol_handle_delete denial of service | 10.05.2026 |  |
| CVE-2026-8226 | Open5GS types.c ogs_pcc_rule_install_flow_from_media denial of service | 10.05.2026 |  |
| CVE-2026-8227 | Wavlink NU516U1 adm.cgi wzdapMesh os command injection | 10.05.2026 |  |
| CVE-2026-8228 | Wavlink NU516U1 wireless.cgi advance os command injection | 10.05.2026 |  |
| CVE-2026-8229 | Wavlink NU516U1 wireless.cgi WifiBasic os command injection | 10.05.2026 |  |
| CVE-2026-8230 | Wavlink NU516U1 login.cgi sys_login1 os command injection | 10.05.2026 |  |
| CVE-2026-8220 | Devs Palace ERP Online customer-save cross site scripting | 10.05.2026 |  |
| CVE-2026-8221 | Devs Palace ERP Online item-save cross site scripting | 10.05.2026 |  |
| CVE-2026-8222 | Open5GS sm-policies Endpoint nbsf-handler.c pcf_nbsf_management_handle_register denial of service | 10.05.2026 |  |
| CVE-2026-8223 | Open5GS sm-policies Endpoint pcf_sess_sbi_discover_and_send denial of service | 10.05.2026 |  |
| CVE-2026-8224 | Open5GS PCF context.c pcf_sess_set_ipv6prefix denial of service | 10.05.2026 |  |
| CVE-2026-8217 | Industrial Application Software IAS Canias ERP RMI Runtime.getRuntime.exec os command injection | 10.05.2026 |  |
| CVE-2026-8218 | Devs Palace ERP Online purchase_return_save cross site scripting | 10.05.2026 |  |
| CVE-2026-8219 | Devs Palace ERP Online supplier-save cross site scripting | 10.05.2026 |  |
| CVE-2026-8214 | Industrial Application Software IAS Canias ERP RMI doAction improper authentication | 10.05.2026 |  |
| CVE-2026-8215 | Industrial Application Software IAS Canias ERP RMI iasRequestFileEvent path traversal | 10.05.2026 |  |
| CVE-2026-8216 | Industrial Application Software IAS Canias ERP Java RMI Session Management iasServerRemoteInterface.doAction improper authentication | 10.05.2026 |  |
| CVE-2026-8213 | OSGeo gdal Grid File GDapi.c GDSDfldsrch heap-based overflow | 09.05.2026 |  |
| CVE-2026-45184 |  | 09.05.2026 | 6.5 |
| CVE-2026-8212 | OSGeo gdal SWapi.c SWSDfldsrch heap-based overflow | 09.05.2026 |  |
| CVE-2026-45182 |  | 09.05.2026 | 2.2 |
| CVE-2026-8211 | codelibs Fess JSP File AdminDesignAction.java update code injection | 09.05.2026 |  |
| CVE-2026-45181 |  | 10.05.2026 | 6.5 |
| CVE-2026-8210 | aandrew-me tgpt Update helper.go helper.Update command injection | 09.05.2026 |  |
| CVE-2026-8196 | JeecgBoot mLogin Endpoint LoginController.java authorization | 09.05.2026 |  |
| CVE-2026-8195 | JeecgBoot SVG File CommonController.java cross site scripting | 09.05.2026 |  |
| CVE-2026-42245 | net-imap: Quadratic complexity when reading response literals | 09.05.2026 |  |
| CVE-2026-42246 | net-imap vulnerable to STARTTLS stripping via invalid response timing | 09.05.2026 |  |
| CVE-2026-42256 | net-imap: Denial of service via high iteration count for `SCRAM-*` authentication | 09.05.2026 |  |
| CVE-2026-42257 | net-imap: Command Injection via "raw" arguments to multiple commands | 09.05.2026 |  |
| CVE-2026-42258 | net-imap: Command Injection via unvalidated Symbol inputs | 09.05.2026 |  |
| CVE-2026-42605 | AzuraCast: Path Traversal in `currentDirectory` Parameter Enables Remote Code Execution via Media Upload | 09.05.2026 | 8.8 |
| CVE-2026-42606 | AzuraCast: Password Reset Poisoning via Untrusted X-Forwarded-Host Header Leads to Account Takeover and 2FA Bypass | 09.05.2026 | 8.1 |
| CVE-2026-41893 | Signal K Server's WebSocket Login Endpoint Lacks Rate Limiting (Credential Brute-Force) | 09.05.2026 |  |
| CVE-2026-42333 | quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations | 09.05.2026 |  |
| CVE-2026-42562 | Plainpad: Privilege Escalation via Writable Admin Field in Profile Update (Access Control) | 09.05.2026 | 8.3 |
| CVE-2026-42569 | phpvms: /importer authorization bypass causing full database wipe | 09.05.2026 | 9.4 |
| CVE-2026-42571 | Privilege Escalation Attack affecting Pelican Web UI | 09.05.2026 |  |
| CVE-2026-42574 | apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root | 09.05.2026 | 7.5 |
| CVE-2026-42575 | apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible) | 09.05.2026 | 7.5 |
| CVE-2026-42576 | apko `DiscoverKeys` has a panic on non-rsa jwks key that causes crash during key discovery | 09.05.2026 | 6.5 |
| CVE-2026-42601 | ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView | 09.05.2026 |  |
| CVE-2026-8194 | osTicket Dispatcher class.dispatcher.php cross-site request forgery | 09.05.2026 |  |
| CVE-2026-8193 | Akaunting Invoice PDF Rendering dompdf.php server-side request forgery | 09.05.2026 |  |
| CVE-2026-8191 | Wavlink NU516U1 adm.cgi wifi_region os command injection | 09.05.2026 |  |
| CVE-2026-8192 | Wavlink NU516U1 adm.cgi wzdap os command injection | 09.05.2026 |  |
| CVE-2026-8190 | Wavlink NU516U1 adm.cgi wan os command injection | 09.05.2026 |  |
| CVE-2026-8189 | Wavlink NU516U1 adm.cgi wzdrepeater os command injection | 09.05.2026 |  |
| CVE-2026-8188 | Wavlink NU516U1 adm.cgi change_wifi_password os command injection | 09.05.2026 |  |
| CVE-2026-8198 | Activity Logs, User Activity Tracking, Multisite Activity Log from Logtivity <= 3.3.6 - Unauthenticated Information Disclosure via REST API | 09.05.2026 | 5.3 |
| CVE-2026-8186 | Open5GS NF client.c ogs_sbi_client_send_via_scp_or_sepp out-of-bounds | 09.05.2026 |  |
| CVE-2026-8187 | Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption | 09.05.2026 |  |