|
151
|
4.4 |
MEDIUM
Local
|
microsoft
|
365_copilot
|
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
Update
|
CWE-284
NVD-CWE-Other
Improper Access Control
|
CVE-2026-41100
|
2026-05-16 10:49 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
8.8 |
HIGH
Network
|
microsoft
|
data_formulator
|
Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.
Update
|
CWE-94
Code Injection
|
CVE-2026-41094
|
2026-05-16 10:47 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
4.3 |
MEDIUM
Network
|
microsoft
|
365_apps
office
word
|
External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.
Update
|
CWE-73
External Control of File Name or Path
|
CVE-2026-40421
|
2026-05-16 10:43 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
- |
|
-
|
-
|
Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified.
New
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-8704
|
2026-05-16 10:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
- |
|
-
|
-
|
Crypt::DSA versions before 1.20 for Perl generate seeds using rand.
Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage.
New
|
CWE-331
Insufficient Entropy
|
CVE-2026-8700
|
2026-05-16 10:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
9.0 |
CRITICAL
Network
|
-
|
-
|
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar (community marketplace) renders the name and version fields of a package's plugin.json (and the equivale…
New
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-45375
|
2026-05-16 10:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
8.3 |
HIGH
Network
|
-
|
-
|
python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled tool_args values directly into shell comman…
New
|
CWE-78
OS Command
|
CVE-2026-45369
|
2026-05-16 10:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
7.8 |
HIGH
Local
|
saitoha
|
libsixel
|
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation size calculation can lead to a heap bu…
New
|
CWE-122
CWE-190
Heap-based Buffer Overflow
Integer Overflow or Wraparound
|
CVE-2026-44636
|
2026-05-16 10:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
5.5 |
MEDIUM
Local
|
openimageio
|
openimageio
|
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode_…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-43996
|
2026-05-16 10:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
7.8 |
HIGH
Local
|
openimageio
|
openimageio
|
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 (mixed RLE) an…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-43904
|
2026-05-16 10:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
