| 11 | 8.8 | HIGH | Network | hkuds | openharness | HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Atta… | Update | CWE-78: OS Command | CVE-2026-7551 | 2026-05-5 03:22 | 2026-05-1 |
| 12 | 8.1 | HIGH | Network | langflow | langflow | IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for an… | Update | CWE-639: Authorization Bypass Through User-Controlled Key | CVE-2026-6542 | 2026-05-5 03:21 | 2026-05-1 |
| 13 | 9.8 | CRITICAL | Network | progress | moveit_automation | Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from… | Update | CWE-305: Authentication Bypass by Primary Weakness | CVE-2026-4670 | 2026-05-5 03:20 | 2026-05-1 |
| 14 | 7.1 | HIGH | Local | - | - | Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal seq… | New | CWE-23: Relative Path Traversal | CVE-2026-43616 | 2026-05-5 03:16 | 2026-05-5 |
| 15 | 9.9 | CRITICAL | Network | - | - | Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused une… | New | CWE-20: Improper Input Validation; CWE-116: Improper Encoding or Escaping of Output | CVE-2026-42810 | 2026-05-5 03:16 | 2026-05-5 |
| 16 | 9.8 | CRITICAL | Network | - | - | Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager… | New | CWE-306: Missing Authentication for Critical Function | CVE-2026-42796 | 2026-05-5 03:16 | 2026-05-5 |
| 17 | - | | | - | - | OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader. Versions Affected: before 2.5.9, before 3.0.0-M3. Description: The AbstractModelReader methods getOut… | New | CWE-789: Memory Allocation with Excessive Size Value | CVE-2026-42440 | 2026-05-5 03:16 | 2026-05-5 |
| 18 | 5.5 | MEDIUM | Local | - | - | CImg Library is a C++ library for image processing. Prior to commit c3aacf5, the nb_colors field read from the BMP file header is used directly to compute an allocation size without validating it aga… | New | CWE-789: Memory Allocation with Excessive Size Value | CVE-2026-42146 | 2026-05-5 03:16 | 2026-05-5 |
| 19 | 6.1 | MEDIUM | Local | - | - | CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory all… | New | CWE-190: Integer Overflow or Wraparound | CVE-2026-42144 | 2026-05-5 03:16 | 2026-05-5 |
| 20 | 4.4 | MEDIUM | Network | - | - | PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows user… | New | CWE-918: Server-Side Request Forgery (SSRF) | CVE-2026-42140 | 2026-05-5 03:16 | 2026-05-5 |