|
2581
|
9.8 |
CRITICAL
Network
|
-
|
-
|
NPM package next-npm-version1.0.1 is vulnerable to Command injection.
|
CWE-94
Code Injection
|
CVE-2025-63706
|
2026-05-9 08:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2582
|
9.8 |
CRITICAL
Network
|
-
|
-
|
npm package parse-ini v1.0.6 is vulnerable to Prototype Pollution in index.js().
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2025-63703
|
2026-05-9 08:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2583
|
9.1 |
CRITICAL
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/{hash} endpoint accepts a 60-character random invite_hash to set a new use…
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-41902
|
2026-05-9 07:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2584
|
9.8 |
CRITICAL
Network
|
-
|
-
|
NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object.
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2025-63704
|
2026-05-9 07:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2585
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
staging: rtl8723bs: fix memory leak on failure path
cfg80211_inform_bss_frame() may return NULL on failure. In that case,
the all…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43225
|
2026-05-9 06:22 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2586
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
hfs: Replace BUG_ON with error handling for CNID count checks
In a06ec283e125 next_id, folder_count, and file_count in the super …
|
CWE-617
Reachable Assertion
|
CVE-2026-43228
|
2026-05-9 06:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2587
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: pvrusb2: fix URB leak in pvr2_send_request_ex
When pvr2_send_request_ex() submits a write URB successfully but fails to
su…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43223
|
2026-05-9 06:14 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2588
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
io_uring/zcrx: fix sgtable leak on mapping failures
In an unlikely case when io_populate_area_dma() fails, which could only
happe…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43224
|
2026-05-9 06:13 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2589
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
clocksource/drivers/sh_tmu: Always leave device running after probe
The TMU device can be used as both a clocksource and a clocke…
|
NVD-CWE-noinfo
|
CVE-2026-43227
|
2026-05-9 06:11 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2590
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: radio-keene: fix memory leak in error path
Fix a memory leak in usb_keene_probe(). The v4l2 control handler is
initialized…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-43231
|
2026-05-9 06:09 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
