| 531 | 7.1 | HIGH | Network | - | - | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without … | New | CWE-184, CWE-601 | Incomplete Blacklist; Open Redirect | CVE-2026-45037 | 2026-05-16 02:16 | 2026-05-16 |
| 532 | 9.8 | CRITICAL | Network | - | - | MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitiz… | New | CWE-94 | Code Injection | CVE-2026-44717 | 2026-05-16 02:16 | 2026-05-16 |
| 533 | 7.5 | HIGH | Network | - | - | The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends() contains two fast-path verification bugs for standard P2PKH and native P2WPKH… | New | CWE-347 | Improper Verification of Cryptographic Signature | CVE-2026-44714 | 2026-05-16 02:16 | 2026-05-16 |
| 534 | 5.4 | MEDIUM | Network | - | - | Gitsign is a keyless Sigstore signing tool for Git commits with your GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in pkg/git/verifier.go unconditionally dereference… | New | CWE-129, CWE-390 | Improper Validation of Array Index; Detection of Error Condition Without Action | CVE-2026-44310 | 2026-05-16 02:16 | 2026-05-16 |
| 535 | 9.1 | CRITICAL | Network | - | - | OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria() method in OpenMRS Core evaluates databas… | New | CWE-94 | Code Injection | CVE-2026-41258 | 2026-05-16 02:16 | 2026-05-16 |
| 536 | 6.5 | MEDIUM | Network | shellhub | shellhub | ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated u… | Update | CWE-639 | Authorization Bypass Through User-Controlled Key | CVE-2026-44423 | 2026-05-16 02:16 | 2026-05-14 |
| 537 | 7.5 | HIGH | Network | zitadel | zitadel | ZITADEL is an open source identity management platform. From 2.71.11 to before 3.4.10 and 4.15.0, a vulnerability was discovered in Zitadel's LDAP identity provider implementation, which fails to pro… | New | CWE-90 | LDAP Injection | CVE-2026-44671 | 2026-05-16 02:15 | 2026-05-15 |
| 538 | 6.5 | MEDIUM | Network | frappe | erpnext | ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.102.0 and 16.11.0, certain endpoints failed to enforce proper authorization checks, allowing users to modify data beyo… | Update | CWE-862 | Missing Authorization | CVE-2026-44448 | 2026-05-16 01:20 | 2026-05-14 |
| 539 | 9.1 | CRITICAL | Network | opnsense | opnsense | OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, unsanitized user input is passed to the DHCP configuration of the configured interface, which is processed by a shell scrip… | Update | CWE-88 | Argument Injection | CVE-2026-45158 | 2026-05-16 01:19 | 2026-05-14 |
| 540 | 4.3 | MEDIUM | Network | - | - | Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium sec… | New | CWE-284 | Improper Access Control | CVE-2026-8566 | 2026-05-16 01:16 | 2026-05-15 |