|
271
|
7.8 |
HIGH
Local
|
zhinst
|
labone_q
|
The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-7584
|
2026-05-5 03:23 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272
|
9.8 |
CRITICAL
Network
|
bitwarden
|
cli
|
Bitwarden CLI 2026.4.0 from 2026-04-22T21:57Z to 2026-04-22T23:30Z, when obtained from npm, had embedded malicious code. This is related to a Checkmarx supply chain incident.
Update
|
CWE-78
CWE-94
OS Command
Code Injection
|
CVE-2026-42994
|
2026-05-5 03:23 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273
|
6.5 |
MEDIUM
Network
|
apple
|
container
|
Users who connect to malicious registries with hostnames matching the bypass patterns will have their registry credentials exposed in plaintext. This issue is fixed in container version 0.12.3.
Update
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-28909
|
2026-05-5 03:22 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274
|
8.8 |
HIGH
Network
|
hkuds
|
openharness
|
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Atta…
Update
|
CWE-78
OS Command
|
CVE-2026-7551
|
2026-05-5 03:22 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275
|
8.1 |
HIGH
Network
|
langflow
|
langflow
|
IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for an…
Update
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-6542
|
2026-05-5 03:21 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276
|
9.8 |
CRITICAL
Network
|
progress
|
moveit_automation
|
Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass.
This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from…
Update
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-4670
|
2026-05-5 03:20 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277
|
7.1 |
HIGH
Local
|
-
|
-
|
Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal seq…
New
|
CWE-23
Relative Path Traversal
|
CVE-2026-43616
|
2026-05-5 03:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Apache Polaris accepts literal `*` characters in namespace and table names. When it
later builds temporary S3 access policies for delegated table access, those
same characters appear to be reused une…
New
|
CWE-20
CWE-116
Improper Input Validation
Improper Encoding or Escaping of Output
|
CVE-2026-42810
|
2026-05-5 03:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager…
New
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-42796
|
2026-05-5 03:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280
|
5.5 |
MEDIUM
Local
|
-
|
-
|
CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nb_colors field read from the BMP file header is used directly to compute an allocation size without validating it aga…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-42146
|
2026-05-5 03:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
