|
381
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Nornicdb is a distributed low-latency, Graph+Vector, Temporal MVCC with all sub-ms HNSW search, graph traversal, and writes. Prior to version 1.0.42-hotfix, the --address CLI flag (and NORNICDB_ADDRE…
New
|
CWE-1392
Use of Default Credentials
|
CVE-2026-42072
|
2026-05-9 02:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
382
|
6.1 |
MEDIUM
Network
|
-
|
-
|
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker t…
New
|
CWE-80
Basic XSS
|
CVE-2026-42030
|
2026-05-9 02:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
383
|
- |
|
-
|
-
|
pgx is a PostgreSQL driver and toolkit for Go. Prior to version 5.9.2, SQL injection can occur when the non-default simple protocol is used, a dollar quoted string literal is used in the SQL query, t…
New
|
CWE-89
SQL Injection
|
CVE-2026-41889
|
2026-05-9 02:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
384
|
4.9 |
MEDIUM
Network
|
-
|
-
|
Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri() LESS features in the custom_less setting, but th…
New
|
CWE-22
CWE-918
Path Traversal
Server-Side Request Forgery (SSRF)
|
CVE-2026-41887
|
2026-05-9 02:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
385
|
7.8 |
HIGH
Local
|
-
|
-
|
PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes (used for isolated/PHPT test execution) as -d name=value command-line argu…
New
|
CWE-88
CWE-93
Argument Injection
CRLF Injection
|
CVE-2026-41570
|
2026-05-9 02:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
386
|
- |
|
-
|
-
|
Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, aseHttpRequestHan…
New
|
-
|
CVE-2026-38360
|
2026-05-9 02:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
387
|
8.2 |
HIGH
Network
|
-
|
-
|
nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the librar…
New
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-29972
|
2026-05-9 02:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
388
|
8.8 |
HIGH
Network
|
-
|
-
|
NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js.
Update
|
CWE-78
OS Command
|
CVE-2025-63705
|
2026-05-9 02:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
389
|
9.8 |
CRITICAL
Network
|
phpoffice
|
phpspreadsheet
|
PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when t…
Update
|
CWE-502
CWE-918
Deserialization of Untrusted Data
Server-Side Request Forgery (SSRF)
|
CVE-2026-34084
|
2026-05-9 02:10 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
390
|
5.4 |
MEDIUM
Network
|
phpoffice
|
phpspreadsheet
|
PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HT…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-35453
|
2026-05-9 02:08 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
