| 511 | 7.0 | HIGH Local | - | - | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby automatically confirms ZMODEM protocol detection on all terminal session output without us… | New | CWE-78 (OS Command) | CVE-2026-45036 | 2026-05-16 03:16 | 2026-05-16 |
| 512 | - | | - | - | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supp… | New | CWE-78 (OS Command) | CVE-2026-45035 | 2026-05-16 03:16 | 2026-05-16 |
| 513 | 5.3 | MEDIUM Network | - | - | Gitsign is a keyless Sigstore tool for signing Git commits with your GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's … | New | CWE-295 (Improper Certificate Validation), CWE-347 (Improper Verification of Cryptographic Signature) | CVE-2026-44309 | 2026-05-16 03:16 | 2026-05-16 |
| 514 | - | | - | - | Magento Long Term Support (LTS) is an unofficial, community-driven project that provides an alternative to the Magento Community Edition e-commerce platform with a high level of backward compatibility. Pr… | New | CWE-330 (Use of Insufficiently Random Values), CWE-331 (Insufficient Entropy), CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)) | CVE-2026-42155 | 2026-05-16 03:16 | 2026-05-16 |
| 515 | 8.8 | HIGH Network | - | - | A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege es… | Update | CWE-61 (UNIX Symbolic Link (Symlink) Following) | CVE-2026-29203 | 2026-05-16 03:16 | 2026-05-9 |
| 516 | 9.1 | CRITICAL Network | gtsteffaniak | filebrowser_quantum | FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allo… | Update | CWE-22 (Path Traversal) | CVE-2026-44542 | 2026-05-16 03:09 | 2026-05-15 |
| 517 | 7.5 | HIGH Network | fleetdm | fleet | Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certifi… | New | CWE-295 (Improper Certificate Validation) | CVE-2026-23998 | 2026-05-16 03:08 | 2026-05-15 |
| 518 | 8.8 | HIGH Network | openimageio | openimageio | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t… | New | CWE-190 (Integer Overflow or Wraparound), CWE-787 (Out-of-bounds Write) | CVE-2026-43908 | 2026-05-16 03:07 | 2026-05-15 |
| 519 | 8.8 | HIGH Network | openimageio | openimageio | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t… | New | CWE-125 (Out-of-bounds Read), CWE-190 (Integer Overflow or Wraparound), CWE-787 (Out-of-bounds Write) | CVE-2026-43909 | 2026-05-16 03:07 | 2026-05-15 |
| 520 | 5.3 | MEDIUM Network | misp | misp | MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or mo… | Update | CWE-20 (Improper Input Validation), NVD-CWE-noinfo | CVE-2026-44379 | 2026-05-16 02:57 | 2026-05-14 |