|
2711
|
9.8 |
CRITICAL
Network
|
openexr
|
openexr
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-42217
|
2026-05-9 02:01 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2712
|
8.8 |
HIGH
Network
|
openexr
|
openexr
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-41142
|
2026-05-9 02:00 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2713
|
9.8 |
CRITICAL
Network
|
hitachi
|
virtual_storage_one_block
|
OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26 and 28.
This issue affects Hitachi Virtual Storage Platform On…
|
CWE-78
OS Command
|
CVE-2025-9661
|
2026-05-9 01:59 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2714
|
7.8 |
HIGH
Local
|
zte
|
zxcloud_irai
|
ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privi…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-44406
|
2026-05-9 01:59 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2715
|
9.1 |
CRITICAL
Network
|
openexr
|
openexr
|
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From versions 3.0.0 to before 3.2.9, 3.3.0 to before 3…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-42216
|
2026-05-9 01:56 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2716
|
7.8 |
HIGH
Local
|
libreoffice
|
libreoffice
|
Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters.
This issue affects LibreOffice: from 26.2 before 26.2…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-4430
|
2026-05-9 01:48 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2717
|
6.3 |
MEDIUM
Network
|
-
|
-
|
In OpenStack Cyborg before 16.0.1, the Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), da…
|
CWE-282
Improper Ownership Management
|
CVE-2026-40214
|
2026-05-9 01:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2718
|
7.4 |
HIGH
Network
|
-
|
-
|
OpenStack Cyborg before 16.0.1 uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless…
|
CWE-863
Incorrect Authorization
|
CVE-2026-40213
|
2026-05-9 01:16 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2719
|
7.3 |
HIGH
Network
|
-
|
-
|
This vulnerability, in the MAXHUB Pivot client application versions
prior to v1.36.2, may allow an attacker to obtain encrypted tenant email
addresses and related metadata from any tenant. Due to t…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-6411
|
2026-05-9 01:08 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2720
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE) vulnerability was identified in the OpenLearnX code execution envir…
|
CWE-78
CWE-94
CWE-250
CWE-284
CWE-693
OS Command
Code Injection
Execution with Unnecessary Privileges
Improper Access Control
Protection Mechanism Failure
|
CVE-2026-41900
|
2026-05-9 01:08 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
