| 441 | 8.8 | HIGH Network | microsoft | data_formulator | Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network. | Update | CWE-94 Code Injection | CVE-2026-41094 | 2026-05-16 10:47 | 2026-05-13 |
| 442 | 4.3 | MEDIUM Network | microsoft | 365_apps office word | External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network. | Update | CWE-73 External Control of File Name or Path | CVE-2026-40421 | 2026-05-16 10:43 | 2026-05-13 |
| 443 | 9.0 | CRITICAL Network | - | - | SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar (community marketplace) renders the name and version fields of a package's plugin.json (and the equivale… | New | CWE-79 CWE-116 Cross-site Scripting Improper Encoding or Escaping of Output | CVE-2026-45375 | 2026-05-16 10:16 | 2026-05-15 |
| 444 | 8.3 | HIGH Network | - | - | python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled tool_args values directly into shell comman… | New | CWE-78 OS Command | CVE-2026-45369 | 2026-05-16 10:16 | 2026-05-15 |
| 445 | 7.8 | HIGH Local | saitoha | libsixel | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation size calculation can lead to a heap bu… | New | CWE-122 CWE-190 Heap-based Buffer Overflow Integer Overflow or Wraparound | CVE-2026-44636 | 2026-05-16 10:16 | 2026-05-15 |
| 446 | 5.5 | MEDIUM Local | openimageio | openimageio | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode_… | New | CWE-125 Out-of-bounds Read | CVE-2026-43996 | 2026-05-16 10:16 | 2026-05-15 |
| 447 | 7.8 | HIGH Local | openimageio | openimageio | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 (mixed RLE) an… | New | CWE-787 Out-of-bounds Write | CVE-2026-43904 | 2026-05-16 10:16 | 2026-05-15 |
| 448 | - | | - | - | ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #122, there is a critical SQL Injection (SQLi) vulnerability in ClipBucket, exploitable through the type parameter on the auth… | New | CWE-89 SQL Injection | CVE-2026-42847 | 2026-05-16 10:16 | 2026-05-15 |
| 449 | - | | - | - | mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modify_crond a… | New | CWE-78 CWE-862 OS Command Missing Authorization | CVE-2026-41315 | 2026-05-16 10:16 | 2026-05-15 |
| 450 | 8.8 | HIGH Network | - | - | Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | New | CWE-787 Out-of-bounds Write | CVE-2026-8558 | 2026-05-16 06:16 | 2026-05-15 |