7.1 (CVSS 4.0)

CVE-2026-8063 - Post-auth null pointer dereference when aggregating against a view with empty search pipeline

An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whether it begins with an Atlas Search stage. For $rankFusion and $scoreFusion, this inspection reads t…

📅 Published: May 7, 2026, 4:12 a.m. 🔄 Last Modified: May 7, 2026, 4:12 a.m.

7.5 (CVSS 3.1)

CVE-2026-41640 - NocoBase Vulnerable to SQL Injection via String Concatenation in Recursive Eager Loading

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package constructs a recursive CTE query by joining nodeIds with string concatenation instead of using paramet…

📅 Published: May 7, 2026, 4:09 a.m. 🔄 Last Modified: May 7, 2026, 5:30 a.m.

6.3 (CVSS 4.0)

CVE-2026-42217 - OpenEXR: Shift exponent overflow in `readVariableLengthInteger()` (`ImfIDManifest.cpp`)

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, readVariableLengthInteger() decodes a variable-length integer fro…

📅 Published: May 7, 2026, 4:04 a.m. 🔄 Last Modified: May 7, 2026, 6 p.m.

8.8 (CVSS 4.0)

CVE-2026-42216 - OpenEXR: Out-of-bounds read in `IDManifest::init()` during prefix expansion

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, IDManifest::init() reconstructs strings from a prefix-compressed …

📅 Published: May 7, 2026, 4:01 a.m. 🔄 Last Modified: May 7, 2026, 6 p.m.

8.8 (CVSS 3.1)

CVE-2026-41142 - OpenEXR is Vulnerable to Integer overflow in ImageChannel::resize leads to heap OOB write via OpenE…

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3.3.11, and 3.4.0 to before 3.4.11, there is an integer overflow in ImageChannel::resize that leads t…

📅 Published: May 7, 2026, 3:58 a.m. 🔄 Last Modified: May 7, 2026, 6 p.m.

7.5 (CVSS 3.1)

CVE-2026-40981 - Spring Cloud Config Google Secrets Manager Backend Allows Exposure of Secrets from Unintended GCP P…

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Ent…

📅 Published: May 7, 2026, 3:55 a.m. 🔄 Last Modified: May 7, 2026, 9:25 p.m.

7.4 (CVSS 3.1)

CVE-2026-41002 - TOCTOU Directory Traversal in Spring Cloud Config Server Git Cloning

The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use (TOCTOU) attacks. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (En…

📅 Published: May 7, 2026, 3:53 a.m. 🔄 Last Modified: May 7, 2026, 9:25 p.m.

4.4 (CVSS 3.1)

CVE-2026-41004 - Sensitive Information Exposure via Trace Logging in Spring Cloud Config

When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 thr…

📅 Published: May 7, 2026, 3:51 a.m. 🔄 Last Modified: May 7, 2026, 9:25 p.m.

8.7 (CVSS 4.0)

CVE-2026-41675 - xmldom: XML node injection through unvalidated processing instruction serialization

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML withou…

📅 Published: May 7, 2026, 3:49 a.m. 🔄 Last Modified: May 7, 2026, 5:30 a.m.

9.1 (CVSS 3.1)

CVE-2026-40982 - Unauthorized File Disclosure via Directory Traversal in Spring Cloud Config Server

Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. Spring Cloud Config 3.1.x: affected from 3.1…

📅 Published: May 7, 2026, 3:49 a.m. 🔄 Last Modified: May 7, 2026, 9:25 p.m.
Total results: 349182