|
4141
|
4.3 |
MEDIUM
Network
|
etcd
|
etcd
|
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requ…
|
CWE-863
Incorrect Authorization
|
CVE-2026-44283
|
2026-05-16 03:24 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4142
|
8.8 |
HIGH
Network
|
-
|
-
|
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege es…
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-29203
|
2026-05-16 03:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4143
|
9.1 |
CRITICAL
Network
|
gtsteffaniak
|
filebrowser_quantum
|
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-stable and 1.3.9-beta, attacker-controlled path input is joined with a trusted base path prior to sanitization, allo…
|
CWE-22
Path Traversal
|
CVE-2026-44542
|
2026-05-16 03:09 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4144
|
7.5 |
HIGH
Network
|
fleetdm
|
fleet
|
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certifi…
|
CWE-295
Improper Certificate Validation
|
CVE-2026-23998
|
2026-05-16 03:08 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4145
|
8.8 |
HIGH
Network
|
openimageio
|
openimageio
|
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t…
|
CWE-190
CWE-787
Integer Overflow or Wraparound
Out-of-bounds Write
|
CVE-2026-43908
|
2026-05-16 03:07 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4146
|
8.8 |
HIGH
Network
|
openimageio
|
openimageio
|
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in t…
|
CWE-125
CWE-190
CWE-787
Out-of-bounds Read
Integer Overflow or Wraparound
Out-of-bounds Write
|
CVE-2026-43909
|
2026-05-16 03:07 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4147
|
5.3 |
MEDIUM
Network
|
misp
|
misp
|
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or mo…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-44379
|
2026-05-16 02:57 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4148
|
7.1 |
HIGH
Local
|
saitoha
|
libsixel
|
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-boun…
|
CWE-190
CWE-787
Integer Overflow or Wraparound
Out-of-bounds Write
|
CVE-2026-44637
|
2026-05-16 02:55 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4149
|
2.5 |
LOW
Local
|
saitoha
|
libsixel
|
libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a wrong NULL check after an allocation call in sixel_decode_raw and sixel_decode causes a NULL pointe…
|
CWE-476
CWE-690
NULL Pointer Dereference
Unchecked Return Value to NULL Pointer Dereference
|
CVE-2026-44638
|
2026-05-16 02:54 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4150
|
5.4 |
MEDIUM
Network
|
lfprojects
|
mcp_registry
|
The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.7, the public catalogue UI served at GET / (file internal/api/handlers/v0/ui_index.ht…
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-44429
|
2026-05-16 02:52 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
