|
2641
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
dm-verity: correctly handle dm_bufio_client_create() failure
If either of the calls to dm_bufio_client_create() in verity_fec_ctr…
|
NVD-CWE-noinfo
|
CVE-2026-43132
|
2026-05-9 02:26 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2642
|
7.9 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation
Commit cc3ed80ae69f ("KVM: nSVM: always use vmcb01 to for vmsave/vmload
o…
|
NVD-CWE-noinfo
|
CVE-2026-43133
|
2026-05-9 02:25 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2643
|
4.8 |
MEDIUM
Network
|
linuxcontainers
|
incus
|
Incus is a system container and virtual machine manager. In versions before 7.0.0, broken TLS validation logic in the OVN database connection logic can allow connections to an attacker's OVN database…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-40243
|
2026-05-9 02:23 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2644
|
8.2 |
HIGH
Network
|
quarkus
|
quarkus
|
Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the sec…
|
CWE-863
Incorrect Authorization
|
CVE-2026-39852
|
2026-05-9 02:18 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2645
|
7.8 |
HIGH
Local
|
-
|
-
|
PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes (used for isolated/PHPT test execution) as -d name=value command-line argu…
|
CWE-88
CWE-93
Argument Injection
CRLF Injection
|
CVE-2026-41570
|
2026-05-9 02:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2646
|
8.8 |
HIGH
Network
|
-
|
-
|
NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js.
|
CWE-78
OS Command
|
CVE-2025-63705
|
2026-05-9 02:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2647
|
9.8 |
CRITICAL
Network
|
phpoffice
|
phpspreadsheet
|
PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when t…
|
CWE-502
CWE-918
Deserialization of Untrusted Data
Server-Side Request Forgery (SSRF)
|
CVE-2026-34084
|
2026-05-9 02:10 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2648
|
5.4 |
MEDIUM
Network
|
phpoffice
|
phpspreadsheet
|
PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HT…
|
CWE-79
Cross-site Scripting
|
CVE-2026-35453
|
2026-05-9 02:08 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2649
|
7.5 |
HIGH
Network
|
torproject
|
tor
|
Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009.
|
CWE-837
Improper Enforcement of a Single, Unique Action
|
CVE-2026-44601
|
2026-05-9 02:07 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2650
|
7.5 |
HIGH
Network
|
torproject
|
tor
|
Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006.
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-44602
|
2026-05-9 02:06 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
