|
2651
|
9.8 |
CRITICAL
Network
|
frappe
|
erpnext
|
ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on…
|
CWE-94
Code Injection
|
CVE-2026-38431
|
2026-05-9 02:06 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2652
|
8.8 |
HIGH
Network
|
mathjs
|
mathjs
|
Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has…
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-41139
|
2026-05-9 02:06 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2653
|
6.1 |
MEDIUM
Network
|
frappe
|
erpnext
|
ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript co…
|
CWE-79
Cross-site Scripting
|
CVE-2026-38432
|
2026-05-9 02:05 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2654
|
7.7 |
HIGH
Network
|
istio
|
istio
|
Istio is an open platform to connect, manage, and secure microservices. Prior to versions 1.28.6 and 1.29.2, when a RequestAuthentication resource is created with a jwksUri pointing to an internal se…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-41413
|
2026-05-9 02:03 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2655
|
9.8 |
CRITICAL
Network
|
openexr
|
openexr
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42217
|
2026-05-9 02:01 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2656
|
8.8 |
HIGH
Network
|
openexr
|
openexr
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-41142
|
2026-05-9 02:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2657
|
9.8 |
CRITICAL
Network
|
hitachi
|
virtual_storage_one_block
|
OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.
This issue affects Hitachi Virtual Storage Platform On…
|
CWE-78
OS Command
|
CVE-2025-9661
|
2026-05-9 01:59 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2658
|
7.8 |
HIGH
Local
|
zte
|
zxcloud_irai
|
ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privi…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-44406
|
2026-05-9 01:59 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2659
|
9.1 |
CRITICAL
Network
|
openexr
|
openexr
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42216
|
2026-05-9 01:56 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2660
|
7.8 |
HIGH
Local
|
libreoffice
|
libreoffice
|
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters.
This issue affects LibreOffice: from 26.2 before 26.2…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-4430
|
2026-05-9 01:48 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
