|
1541
|
9.8 |
CRITICAL
Network
|
openexr
|
openexr
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42217
|
2026-05-9 02:01 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1542
|
8.8 |
HIGH
Network
|
openexr
|
openexr
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-41142
|
2026-05-9 02:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1543
|
9.8 |
CRITICAL
Network
|
hitachi
|
virtual_storage_one_block
|
OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.
This issue affects Hitachi Virtual Storage Platform On…
|
CWE-78
OS Command
|
CVE-2025-9661
|
2026-05-9 01:59 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1544
|
7.8 |
HIGH
Local
|
zte
|
zxcloud_irai
|
ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privi…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-44406
|
2026-05-9 01:59 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1545
|
9.1 |
CRITICAL
Network
|
openexr
|
openexr
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42216
|
2026-05-9 01:56 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1546
|
7.8 |
HIGH
Local
|
libreoffice
|
libreoffice
|
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters.
This issue affects LibreOffice: from 26.2 before 26.2…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-4430
|
2026-05-9 01:48 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1547
|
- |
|
-
|
-
|
Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation.
'Elixir.Absinthe.Phase.Docum…
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-43967
|
2026-05-9 01:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1548
|
7.5 |
HIGH
Network
|
-
|
-
|
A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module pr…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-42501
|
2026-05-9 01:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1549
|
7.5 |
HIGH
Network
|
-
|
-
|
locize is a localization platform that connects code and i18n setup. Prior to version 4.0.21, the locize client SDK registers a window.addEventListener("message", …) handler that dispatches to regist…
|
CWE-79
CWE-346
Cross-site Scripting
Origin Validation Error
|
CVE-2026-41886
|
2026-05-9 01:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1550
|
8.1 |
HIGH
Network
|
-
|
-
|
OmniFaces is a utility library for Faces. Prior to versions 1.14.2, 2.7.32, 3.14.16, 4.7.5, and 5.2.3, there is a server-side EL injection leading to Remote Code Execution (RCE). This affects applica…
|
CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
|
CVE-2026-41883
|
2026-05-9 01:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
