|
101
|
7.8 |
HIGH
Local
|
saitoha
|
libsixel
|
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation size calculation can lead to a heap bu…
New
|
CWE-122, CWE-190
Heap-based Buffer Overflow, Integer Overflow or Wraparound
|
CVE-2026-44636
|
2026-05-16 10:16 |
2026-05-15 |
|
102
|
5.5 |
MEDIUM
Local
|
openimageio
|
openimageio
|
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode_…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-43996
|
2026-05-16 10:16 |
2026-05-15 |
|
103
|
7.8 |
HIGH
Local
|
openimageio
|
openimageio
|
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 (mixed RLE) an…
New
|
CWE-787
Out-of-bounds Write
|
CVE-2026-43904
|
2026-05-16 10:16 |
2026-05-15 |
|
104
|
- |
|
-
|
-
|
ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #122, there is a critical SQL Injection (SQLi) vulnerability in ClipBucket, exploitable through the type parameter on the auth…
New
|
CWE-89
SQL Injection
|
CVE-2026-42847
|
2026-05-16 10:16 |
2026-05-15 |
|
105
|
7.5 |
HIGH
Network
|
-
|
-
|
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handle…
New
|
CWE-362
Race Condition
|
CVE-2026-42594
|
2026-05-16 10:16 |
2026-05-15 |
|
106
|
- |
|
-
|
-
|
mdserver-web is a simple Linux panel. From 0.18.0 to 0.18.4, mdserver-web has a front-end unauthorized remote command execution vulnerability. Due to the lack of authentication on the /modify_crond a…
New
|
CWE-78, CWE-862
OS Command, Missing Authorization
|
CVE-2026-41315
|
2026-05-16 10:16 |
2026-05-15 |
|
107
|
- |
|
-
|
-
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an unauthenticated reflected cross-site scripting (XSS) issue in the…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45622
|
2026-05-16 08:16 |
2026-05-16 |
|
108
|
8.1 |
HIGH
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied file_id and attach the referenced file to …
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45402
|
2026-05-16 08:16 |
2026-05-16 |
|
109
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to…
New
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-45396
|
2026-05-16 08:16 |
2026-05-16 |
|
110
|
7.1 |
HIGH
Network
|
-
|
-
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.6, there is a vulnerability in chat completion API, which allows attackers to bypass to…
New
|
CWE-862
Missing Authorization
|
CVE-2026-45350
|
2026-05-16 08:16 |
2026-05-16 |
|