|
871
|
- |
|
-
|
-
|
A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image.
When processing SVG marker references, the renderer retrieves a node by its id at…
New
|
CWE-122 CWE-843
Heap-based Buffer Overflow Type Confusion
|
CVE-2026-6210
|
2026-05-8 00:10 |
2026-05-6 |
|
872
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to C…
Update
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2026-27644
|
2026-05-8 00:09 |
2026-05-5 |
|
873
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper …
Update
|
CWE-91
Blind XPath Injection
|
CVE-2026-27693
|
2026-05-8 00:09 |
2026-05-5 |
|
874
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver n…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-27694
|
2026-05-8 00:09 |
2026-05-5 |
|
875
|
7.5 |
HIGH
Network
|
-
|
-
|
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package co…
New
|
CWE-89
SQL Injection
|
CVE-2026-41640
|
2026-05-8 00:08 |
2026-05-7 |
|
876
|
- |
|
-
|
-
|
Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._red…
Update
|
CWE-601
Open Redirect
|
CVE-2025-61669
|
2026-05-8 00:07 |
2026-05-6 |
|
877
|
- |
|
-
|
-
|
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_d…
New
|
CWE-22
Path Traversal
|
CVE-2026-35397
|
2026-05-8 00:07 |
2026-05-6 |
|
878
|
- |
|
-
|
-
|
Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pa…
New
|
CWE-777
|
CVE-2026-40110
|
2026-05-8 00:07 |
2026-05-6 |
|
879
|
- |
|
-
|
-
|
In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 an…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-40171
|
2026-05-8 00:07 |
2026-05-7 |
|
880
|
- |
|
-
|
-
|
OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnera…
New
|
CWE-22
Path Traversal
|
CVE-2026-40075
|
2026-05-8 00:06 |
2026-05-6 |