CVE Vulnerabilities - 9 May 2026
415 vulnerabilities published on 9 May 2026
Ruby Net::IMAP allows malicious IMAP commands
DEBIAN-CVE-2026-42258
Net::IMAP, a Ruby library for accessing email, had a security issue that allowed attackers to inject malicious commands. This has been fixed in newer versions. If you're using an older version, update...
7.1
Net::IMAP in Ruby allows malicious IMAP command injection
DEBIAN-CVE-2026-42257
The Net::IMAP library in Ruby has a security issue. If a user enters malicious input, it could be used to execute unauthorized commands on the email server. This issue has been fixed in versions 0.4.2...
7.6
Apache HTTP Server Remote Code Execution in PHP
BELL-CVE-2026-43185
Apache HTTP Server's PHP module allows attackers to execute arbitrary code on the server, potentially leading to unauthorized data access or system compromise. This affects servers using the PHP modul...
9.8
Apache HTTP Server Denial of Service on Windows
BELL-CVE-2026-43465
Apache's HTTP Server on Windows can be crashed by a malicious request, causing the server to stop working. This affects servers running Apache on Windows and can be exploited by an attacker to make th...
9.8
WordPress Plugin 'Easy Social Sharing' Allows Malicious Code Execution
BELL-CVE-2026-43414
An issue in the 'Easy Social Sharing' plugin for WordPress allows attackers to inject malicious code. This could lead to unauthorized access to sensitive data or website takeover. Update the plugin to...
9.8
PgBouncer SCRAM overflow due to unchecked strlcat() return value
DEBIAN-CVE-2026-6665
A bug in PgBouncer's SCRAM code can cause a stack overflow if a malicious backend sends a long nonce. This can potentially allow an attacker to crash the PgBouncer service. To fix this, update to vers...
9.8
mcp-server Domain Lookup Module at Risk of Command Execution
GHSA-v6wj-c83f-v46x
The domain_lookup module in mcp-server allows unauthenticated attackers to execute arbitrary system commands. This could lead to unauthorized access, data theft, or disruption of service. Update the m...
9.8
mcp-server vulnerable to command execution through domain lookup
GHSA-v6wj-c83f-v46x
The mcp-server's domain lookup module allows an unauthenticated attacker to execute arbitrary system commands. This could lead to unauthorized access to system resources, data theft, or system comprom...
9.8
Apache HTTP Server Denial of Service Vulnerability
BELL-CVE-2026-43117
Apache HTTP Server versions 2.4.53 and earlier may crash or become unresponsive when processing certain HTTP requests. This could lead to service downtime or allow an attacker to disrupt website funct...
9.1
Linkwarden: Unvalidated HTTP Requests Can Expose Internal Services
CVE-2026-44313
Linkwarden, a self-hosted bookmark manager, had a security flaw that allowed authenticated users to make unauthorized requests to internal services. This could have allowed them to access sensitive in...
9.1
Gibbon versions before v30.0.01 allow hackers to access server files
CVE-2026-8208
Old versions of Gibbon software are at risk of being hacked by a malicious user with Teacher or higher privileges. If exploited, this could allow the hacker to access and control the server hosting Gi...
8.9
Wavlink NU516U1 M16U1_V240425 allows remote attackers to inject commands.
CVE-2026-8192
A security flaw in the Wavlink NU516U1 M16U1_V240425 allows hackers to remotely execute commands on the device. This could potentially allow them to access sensitive information or take control of the...
2.1
Wavlink NU516U1 M16U1_V240425 WiFi Settings Manipulation Risk
CVE-2026-8191
A vulnerability in Wavlink's NU516U1 M16U1_V240425 allows an attacker to manipulate WiFi settings remotely. This could potentially allow an attacker to execute system commands, which could lead to una...
2.1
Wavlink NU516U1 WAN Configuration Injection
CVE-2026-8190
An attacker can remotely inject malicious commands into a Wavlink NU516U1 router's WAN configuration. This could allow an attacker to gain unauthorized access to the router or disrupt internet connect...
2.1
Wavlink NU516U1 M16U1_V240425 - Remote Command Injection via Web Interface
CVE-2026-8189
A vulnerability in the web interface of Wavlink NU516U1 M16U1_V240425 allows an attacker to execute arbitrary system commands remotely. This could potentially be used to take control of the device or ...
2.1
Wavlink Router: Unsecured WiFi Password Change Exposes System
CVE-2026-8188
A security flaw in the Wavlink NU516U1 router's WiFi password change function allows hackers to execute malicious commands on the system. This means that an attacker can remotely access and control th...
2.1
Apache HTTP Server Denial of Service Vulnerability
BELL-CVE-2026-43283
Apache HTTP Server versions 2.4.52 and earlier may be vulnerable to a denial of service attack. This could allow an attacker to crash the server, disrupting access to websites and online services. We ...
8.8
Apache HTTP Server: Remote Code Execution via Malicious HTTP Request
BELL-CVE-2026-43249
Apache HTTP Server versions 2.4.52 and earlier may allow an attacker to execute arbitrary code on the server if they can send a specially crafted HTTP request. This could potentially allow the attacke...
8.8
Apache HTTP Server Remote Code Execution in Logs
BELL-CVE-2026-43232
Apache HTTP Server versions 2.4.51 and earlier have a vulnerability in their log file handling. This could allow an attacker to execute malicious code on a server by manipulating log entries. To prote...
8.8
Linkwarden versions 2.14.0 and prior: Unsanitized JavaScript in archive upload
CVE-2026-42455
A self-hosted bookmark manager, Linkwarden, has a security issue in older versions. If an attacker uploads malicious HTML files, they can run code on your server when users access the archive. To prot...
8.8
Bubblewrap setuid mode allows unauthorized access
CVE-2026-41163
Bubblewrap, a tool for sandboxing applications, has a security issue when installed in a special mode that allows certain users to gain more access than they should. This could potentially allow attac...
8.7
Spring AI: Unsanitized Document IDs Allow Data Deletion
CVE-2026-41705
GHSA-v632-2m87-7469
An attacker can delete data in Spring AI's database by manipulating document IDs. This is a security risk because sensitive information can be removed. To fix this, upgrade to version 1.0.7 or later f...
8.6
Java Library Allows Untrusted Code Execution in Firefox
BELL-CVE-2026-43274
A vulnerability in a Java library used by Firefox allows attackers to execute malicious code. This could potentially allow hackers to take control of a user's browser. Firefox users should update thei...
8.4
Plainpad self-hosted note taking app admin access escalation
CVE-2026-42562
A user with limited access to Plainpad can gain full admin rights by submitting a specific request. This could allow them to access and modify sensitive data. Update to version 1.1.1 to fix this issue...
8.3
Debian Linux: Unpatched System Files Can Be Overwritten
DEBIAN-CVE-2026-41163
Certain Debian Linux systems are missing a security update, which allows an attacker to overwrite system files. This could lead to unauthorized access and data tampering. Update your Debian Linux syst...
8.3