| 251 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as part of logging a new name o… | Update | NVD-CWE-noinfo | CVE-2026-43118 | 2026-05-9 02:30 | 2026-05-6 |
| 252 | 5.5 | MEDIUM | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: dm-verity: correctly handle dm_bufio_client_create() failure If either of the calls to dm_bufio_client_create() in verity_fec_ctr… | Update | NVD-CWE-noinfo | CVE-2026-43132 | 2026-05-9 02:26 | 2026-05-6 |
| 253 | 7.9 | HIGH | Local | linux | linux_kernel | In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation Commit cc3ed80ae69f ("KVM: nSVM: always use vmcb01 to for vmsave/vmload o… | Update | NVD-CWE-noinfo | CVE-2026-43133 | 2026-05-9 02:25 | 2026-05-6 |
| 254 | 4.8 | MEDIUM | Network | linuxcontainers | incus | Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database… | New | CWE-295 Improper Certificate Validation | CVE-2026-40243 | 2026-05-9 02:23 | 2026-05-7 |
| 255 | 8.2 | HIGH | Network | quarkus | quarkus | Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the sec… | Update | CWE-863 Incorrect Authorization | CVE-2026-39852 | 2026-05-9 02:18 | 2026-05-6 |
| 256 | - | | | - | - | Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in absinthe-graphql absinthe_plug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.P… | New | CWE-79 Cross-site Scripting | CVE-2026-42794 | 2026-05-9 02:16 | 2026-05-9 |
| 257 | 9.8 | CRITICAL | Network | - | - | Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and NORNICDB_ADDRE… | New | CWE-1392 Use of Default Credentials | CVE-2026-42072 | 2026-05-9 02:16 | 2026-05-9 |
| 258 | 6.1 | MEDIUM | Network | - | - | MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker t… | New | CWE-80 Basic XSS | CVE-2026-42030 | 2026-05-9 02:16 | 2026-05-9 |
| 259 | - | | | - | - | pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, t… | New | CWE-89 SQL Injection | CVE-2026-41889 | 2026-05-9 02:16 | 2026-05-9 |
| 260 | 4.9 | MEDIUM | Network | - | - | Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri() LESS features in the custom_less setting, but th… | New | CWE-22 Path Traversal, CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-41887 | 2026-05-9 02:16 | 2026-05-9 |