|
271
|
6.1 |
MEDIUM
Network
|
frappe
|
erpnext
|
ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript co…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-38432
|
2026-05-9 02:05 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
272
|
7.7 |
HIGH
Network
|
istio
|
istio
|
Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal se…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41413
|
2026-05-9 02:03 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
273
|
9.8 |
CRITICAL
Network
|
openexr
|
openexr
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42217
|
2026-05-9 02:01 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
274
|
8.8 |
HIGH
Network
|
openexr
|
openexr
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-41142
|
2026-05-9 02:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
275
|
9.8 |
CRITICAL
Network
|
hitachi
|
virtual_storage_one_block
|
OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.
This issue affects Hitachi Virtual Storage Platform On…
New
|
CWE-78
OS Command
|
CVE-2025-9661
|
2026-05-9 01:59 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276
|
7.8 |
HIGH
Local
|
zte
|
zxcloud_irai
|
ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privi…
New
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-44406
|
2026-05-9 01:59 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277
|
9.1 |
CRITICAL
Network
|
openexr
|
openexr
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42216
|
2026-05-9 01:56 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278
|
7.8 |
HIGH
Local
|
libreoffice
|
libreoffice
|
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters.
This issue affects LibreOffice: from 26.2 before 26.2…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-4430
|
2026-05-9 01:48 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279
|
- |
|
-
|
-
|
ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, a composite denial-of-service vulnerability in Zebra's block discovery pipeline allows an unauthenticated remote attacker to pe…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-44499
|
2026-05-9 01:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280
|
- |
|
-
|
-
|
Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation.
'Elixir.Absinthe.Phase.Docum…
New
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-43967
|
2026-05-9 01:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
