|
2601
|
9.0 |
CRITICAL
Network
|
-
|
-
|
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar (community marketplace) renders the name and version fields of a package's plugin.json (and the equivale…
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-45375
|
2026-05-16 10:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2602
|
8.3 |
HIGH
Network
|
-
|
-
|
python-utcp is the python implementation of UTCP. Prior to 1.1.3, the _substitute_utcp_args method in cli_communication_protocol.py inserts user-controlled tool_args values directly into shell comman…
|
CWE-78
OS Command
|
CVE-2026-45369
|
2026-05-16 10:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2603
|
7.8 |
HIGH
Local
|
saitoha
|
libsixel
|
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation size calculation can lead to a heap bu…
|
CWE-122
CWE-190
Heap-based Buffer Overflow
Integer Overflow or Wraparound
|
CVE-2026-44636
|
2026-05-16 10:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2604
|
5.5 |
MEDIUM
Local
|
openimageio
|
openimageio
|
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode_…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-43996
|
2026-05-16 10:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2605
|
7.8 |
HIGH
Local
|
openimageio
|
openimageio
|
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 (mixed RLE) an…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-43904
|
2026-05-16 10:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2606
|
- |
|
-
|
-
|
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #122, there is a critical SQL Injection (SQLi) vulnerability in ClipBucket, exploitable through the type parameter on the auth…
|
CWE-89
SQL Injection
|
CVE-2026-42847
|
2026-05-16 10:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2607
|
- |
|
-
|
-
|
mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modify_crond a…
|
CWE-78
CWE-862
OS Command
Missing Authorization
|
CVE-2026-41315
|
2026-05-16 10:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2608
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Reserved. Details will be published at disclosure.
|
CWE-20
Improper Input Validation
|
CVE-2026-45393
|
2026-05-16 06:16 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2609
|
7.2 |
HIGH
Network
|
arubanetworks
|
arubaos
sd-wan
|
An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authentica…
|
NVD-CWE-noinfo
CWE-296
Improper Following of a Certificate's Chain of Trust
|
CVE-2026-44852
|
2026-05-16 06:16 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2610
|
6.5 |
MEDIUM
Network
|
getoutline
|
outline
|
Outline is a service that allows for collaborative documentation. Prior to 1.7.1, the Slack integration callback for GET /auth/slack.post accepts an unsigned, session-independent OAuth state value. A…
|
CWE-352
Origin Validation Error
|
CVE-2026-44695
|
2026-05-16 05:21 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
