📡 GitHub-Advisory · 2026-05-07 CVE-2026-42879 - FacturaScripts Vulnerable to Authenticated Remote Code Execution (RCE) via GIF I CVE-2026-42879 GHSA-vf3q-frmr-vrr9 MEDIUM composer/facturascripts/facturascripts CVE: CVE-2026-42879 CVE-2026-42879 - FacturaScripts - Authenticated Unrestricted File Upload via MIME Type Bypass Summary An authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload functionality.

📡 GitHub-Advisory · 2026-05-07 CVE-2026-42878 - FacturaScripts Vulnerable to Unauthenticated phpinfo() Disclosure via Installer CVE-2026-42878 GHSA-vrxf-vrc4-22p7 MEDIUM composer/facturascripts/facturascripts CVE: CVE-2026-42878 Summary An unauthenticated information disclosure vulnerability in the Installer controller allows any remote attacker to trigger phpinfo() on a fresh FacturaScripts deployment by requesting /?phpinfo=TRUE, exposing full PHP configuration,

📡 NVD-Latest · 2026-05-07 CVE-2026-40981 (CVSS 7.5) - When using Google Secrets Manager as a backend for the Spring Cloud Config serve CVE-2026-40981 CVE-2026-40981 CVSS:7.5 When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server

📡 NVD-Latest · 2026-05-07 CVE-2026-41002 (CVSS 7.2) - The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring CVE-2026-41002 CVE-2026-41002 CVSS:7.2 The base directory (spring.cloud.config.server.git.basedir) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use

📡 NVD-Latest · 2026-05-07 CVE-2026-41640 (CVSS 7.5) - NocoBase is an AI-powered no-code/low-code platform for building business applic CVE-2026-41640 CVE-2026-41640 CVSS:7.5 NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database

📡 NVD-Latest · 2026-05-07 CVE-2026-41660 (CVSS 7.1) - Admidio is an open-source user management solution. Prior to version 5.0.9, a lo CVE-2026-41660 CVE-2026-41660 CVSS:7.1 Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset

📡 NVD-Latest · 2026-05-07 CVE-2026-41669 (CVSS 8.2) - Admidio is an open-source user management solution. Prior to version 5.0.9, the CVE-2026-41669 CVE-2026-41669 CVSS:8.2 Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards the return value of

📡 NVD-Latest · 2026-05-07 CVE-2026-41139 (CVSS 8.8) - Math.js is an extensive math library for JavaScript and Node.js. From version 13 CVE-2026-41139 CVE-2026-41139 CVSS:8.8 Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0,

📡 NVD-Latest · 2026-05-07 CVE-2026-41143 (CVSS 8.8) - YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar m CVE-2026-41143 CVE-2026-41143 CVSS:8.8 YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection

📡 NVD-Latest · 2026-05-07 CVE-2026-41641 (CVSS 7.2) - NocoBase is an AI-powered no-code/low-code platform for building business applic CVE-2026-41641 CVE-2026-41641 CVSS:7.2 NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the checkSQL() validation function that blocks dangerous

📡 NVD-Latest · 2026-05-07 CVE-2026-4348 (CVSS 7.5) - The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the ` CVE-2026-4348 CVE-2026-4348 CVSS:7.5 The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the get_current_letter_docs and docs_sort_by_letter AJAX actions in

📡 NVD-Latest · 2026-05-07 CVE-2026-6692 (CVSS 8.8) - The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Uploa CVE-2026-6692 CVE-2026-6692 CVSS:8.8 The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_

📡 NVD-Latest · 2026-05-07 CVE-2026-7252 (CVSS 8.1) - The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page CVE-2026-7252 CVE-2026-7252 CVSS:8.1 The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable to arbitrary file deletion due to

📡 NVD-Latest · 2026-05-07 CVE-2025-9661 (CVSS 8.1) - OS command injection vulneravility in the management gui (maintenance utility) o CVE-2025-9661 CVE-2025-9661 CVSS:8.1 OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28. This issue affects Hitachi Virtual

📡 NVD-Latest · 2026-05-07 CVE-2026-4430 (CVSS 7.8) - Out-of-bounds write vulnerability in The Document Foundation LibreOffice via cra CVE-2026-4430 CVE-2026-4430 CVSS:7.8 Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2.3,

📡 NVD-Latest · 2026-05-07 CVE-2025-68060 (CVSS 7.6) - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti CVE-2025-68060 CVE-2025-68060 CVSS:7.6 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection. This issue

📡 NVD-Latest · 2026-05-07 CVE-2026-28201 (CVSS 7.8) - An improper input validation, together with an overly permissive default CORS co CVE-2026-28201 CVE-2026-28201 CVSS:7.8 An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user

📡 NVD-Latest · 2026-05-07 CVE-2026-33588 (CVSS 8.1) - Lack of user input validation in the file upload functionality of Open Notebook CVE-2026-33588 CVE-2026-33588 CVSS:8.1 Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify files

📡 NVD-Latest · 2026-05-07 CVE-2026-41642 (CVSS 7.5) - GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go P CVE-2026-41642 CVE-2026-41642 CVSS:7.5 GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial of

📡 NVD-Latest · 2026-05-07 CVE-2026-41643 (CVSS 7.5) - GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go P CVE-2026-41643 CVE-2026-41643 CVSS:7.5 GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote Denial

📡 NVD-Latest · 2026-05-07 CVE-2026-42285 (CVSS 7.5) - GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go P CVE-2026-42285 CVE-2026-42285 CVSS:7.5 GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an unauthenticated remote BGP

📡 NVD-Latest · 2026-05-07 CVE-2026-5784 (CVSS 8.8) - Improper neutralization of input during web page generation ('cross-site scripti CVE-2026-5784 CVE-2026-5784 CVSS:8.8 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from

📡 NVD-Latest · 2026-05-07 CVE-2026-6002 (CVSS 8.8) - Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vu CVE-2026-6002 CVE-2026-6002 CVSS:8.8 Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting (XSS). This issue

📡 NVD-Latest · 2026-05-07 CVE-2026-30495 (CVSS 8.8) - The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) e CVE-2026-30495 CVE-2026-30495 CVSS:8.8 The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP

📡 NVD-Latest · 2026-05-07 CVE-2026-41490 (CVSS 8.3) - Dagster is an orchestration platform for the development, production, and observ CVE-2026-41490 CVE-2026-41490 CVSS:8.3 Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version 1.13.1 and prior to Dagster libraries