|
21
|
9.1 |
CRITICAL
Network
|
-
|
-
|
auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the …
New
|
CWE-287
Improper Authentication
|
CVE-2026-42560
|
2026-05-9 15:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
22
|
- |
|
-
|
-
|
Pillow is a Python imaging library. From version 10.3.0 to before version 12.2.0, processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code e…
New
|
CWE-190
CWE-787
Integer Overflow or Wraparound
Out-of-bounds Write
|
CVE-2026-42311
|
2026-05-9 15:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
23
|
- |
|
-
|
-
|
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the…
New
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-42310
|
2026-05-9 15:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
24
|
- |
|
-
|
-
|
Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polyg…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-42309
|
2026-05-9 15:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
25
|
- |
|
-
|
-
|
Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer…
New
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42308
|
2026-05-9 15:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
- |
|
-
|
-
|
A missing authorization vulnerability in HCL BigFix WebUI allows an authenticated user without proper permissions to view sensitive environmental information via direct URL access to the unauthorized…
New
|
CWE-862
Missing Authorization
|
CVE-2025-15634
|
2026-05-9 15:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
- |
|
-
|
-
|
An improper authorization vulnerability in HCL BigFix WebUI allows an authenticated user without Master Operator privileges to access internal data (site names, versions, and configuration variables)…
New
|
CWE-863
Incorrect Authorization
|
CVE-2025-15633
|
2026-05-9 15:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
- |
|
-
|
-
|
Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of th…
New
|
CWE-23
Relative Path Traversal
|
CVE-2026-8209
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
29
|
- |
|
-
|
-
|
Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PH…
New
|
CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
|
CVE-2026-8208
|
2026-05-9 13:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
7.5 |
HIGH
Local
|
-
|
-
|
An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine st…
Update
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-44028
|
2026-05-9 13:16 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
