|
1321
|
2.5 |
LOW
Local
|
saitoha
|
libsixel
|
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointe…
|
CWE-476 CWE-690
NULL Pointer Dereference; Unchecked Return Value to NULL Pointer Dereference
|
CVE-2026-44638
|
2026-05-16 02:54 |
2026-05-15 |
|
1322
|
5.4 |
MEDIUM
Network
|
lfprojects
|
mcp_registry
|
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / (file internal/api/handlers/v0/ui_index.ht…
|
CWE-79 CWE-116
Cross-site Scripting; Improper Encoding or Escaping of Output
|
CVE-2026-44429
|
2026-05-16 02:52 |
2026-05-15 |
|
1323
|
7.2 |
HIGH
Network
|
misp
|
misp
|
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, an improper access control vulnerability in the authentication key reset functionality allowed an authenticated organ…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44380
|
2026-05-16 02:42 |
2026-05-14 |
|
1324
|
5.3 |
MEDIUM
Network
|
misp
|
misp
|
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, a SQL injection vulnerability existed in the handling of user-controlled ordering parameters in the event and shadow …
|
CWE-89
SQL Injection
|
CVE-2026-44381
|
2026-05-16 02:37 |
2026-05-14 |
|
1325
|
8.1 |
HIGH
Network
|
fit2cloud
|
sqlbot
|
SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. Prior to 1.8.0, SQLBot contains a Cross-Workspace IDOR (Insecure Direct Object Reference) and Authorization Bypass …
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-42463
|
2026-05-16 02:34 |
2026-05-14 |
|
1326
|
9.1 |
CRITICAL
Network
|
opnsense
|
opnsense
|
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote Code Execution. T…
|
CWE-88
Argument Injection
|
CVE-2026-44193
|
2026-05-16 02:30 |
2026-05-14 |
|
1327
|
4.7 |
MEDIUM
Network
|
lfprojects
|
mcp_registry
|
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OIDC flow is bound only to a global audienc…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-44428
|
2026-05-16 02:23 |
2026-05-15 |
|
1328
|
9.1 |
CRITICAL
Network
|
opnsense
|
opnsense
|
OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core allows a user with user-management privileg…
|
CWE-78
OS Command
|
CVE-2026-44194
|
2026-05-16 02:19 |
2026-05-14 |
|
1329
|
6.5 |
MEDIUM
Network
|
shellhub
|
shellhub
|
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated u…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-44423
|
2026-05-16 02:16 |
2026-05-14 |
|
1330
|
7.5 |
HIGH
Network
|
zitadel
|
zitadel
|
ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to pro…
|
CWE-90
LDAP Injection
|
CVE-2026-44671
|
2026-05-16 02:15 |
2026-05-15 |