|
1011
|
7.5 |
HIGH
Network
|
-
|
-
|
@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct bu…
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-7768
|
2026-05-8 00:11 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1012
|
7.5 |
HIGH
Network
|
-
|
-
|
fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an…
Update
|
CWE-436
Interpretation Conflict
|
CVE-2026-6322
|
2026-05-8 00:11 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1013
|
7.8 |
HIGH
Local
|
-
|
-
|
The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may b…
Update
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-6691
|
2026-05-8 00:11 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1014
|
6.5 |
MEDIUM
Network
|
-
|
-
|
An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view.
When resolving a view, the server inspects the aggregation pipeline to determine whe…
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8063
|
2026-05-8 00:11 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1015
|
- |
|
-
|
-
|
A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence co…
Update
|
CWE-20
CWE-367
Improper Input Validation
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-6180
|
2026-05-8 00:10 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1016
|
- |
|
-
|
-
|
An issue was discovered in the Shared Account Synchronization component of PaperCut MF (version 25.0.4). The application allows administrative users to configure a source path for account data synchr…
Update
|
CWE-36
CWE-552
Absolute Path Traversal
Files or Directories Accessible to External Parties
|
CVE-2026-6418
|
2026-05-8 00:10 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1017
|
- |
|
-
|
-
|
An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" (diagnostic) mode is enabled, the application inadvertently records administrative credentials in plai…
Update
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-7824
|
2026-05-8 00:10 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1018
|
- |
|
-
|
-
|
A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image.
When processing SVG marker references, the renderer retrieves a node by its id at…
Update
|
CWE-122
CWE-843
Heap-based Buffer Overflow
Type Confusion
|
CVE-2026-6210
|
2026-05-8 00:10 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1019
|
7.5 |
HIGH
Network
|
-
|
-
|
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package co…
New
|
CWE-89
SQL Injection
|
CVE-2026-41640
|
2026-05-8 00:08 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1020
|
- |
|
-
|
-
|
Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._red…
Update
|
CWE-601
Open Redirect
|
CVE-2025-61669
|
2026-05-8 00:07 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
