Total CVEs

143,835

Critical Severity

4,094

High Severity

14,788

Last 7 Days

1,443
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 14,341 - 14,360 of 40,240 CVEs
CVE-2026-44637 HIGH - 7.1

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, a signed integer overflow in the SIXEL parser's image-buffer doubling loop can lead to an out-of-bounds heap write in sixel_decode_raw_impl. context->pos_x grows by repeat_count on every si...

Vendor: saitoha
Product: libsixel
Published: May 14, 2026
Source: NVD
CVE-2026-44636 HIGH - 7.4

libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation size calculation can lead to a heap buffer overflow. The public sixel_encode entry point validates only that width and height are...

Vendor: saitoha
Product: libsixel
Published: May 14, 2026
Source: NVD
CVE-2026-43996 MEDIUM - 5.5

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, the bounds check in TGAInput::decode_pixel computes k + palbytespp as unsigned 32-bit arithmetic. When k = 0xFFFFFFFC and palbytespp = 4, ...

Vendor: AcademySoftwareFoundation
Product: OpenImageIO
Published: May 14, 2026
Source: NVD
CVE-2026-43909 HIGH - 8.8

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i * 4 inside SwapRGBABytes() causes the function to compute a large negative...

Vendor: AcademySoftwareFoundation
Product: OpenImageIO
Published: May 14, 2026
Source: NVD
CVE-2026-43908 HIGH - 8.8

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i * 3 inside ConvertCbYCrYToRGB() causes the function to compute a lar...

Vendor: AcademySoftwareFoundation
Product: OpenImageIO
Published: May 14, 2026
Source: NVD
CVE-2026-43907 HIGH - 8.3

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGBBufferSizeInternal() in DPXColorConverter.cpp leads to a heap-based out-of-bounds write when processi...

Vendor: AcademySoftwareFoundation
Product: OpenImageIO
Published: May 14, 2026
Source: NVD
CVE-2026-43906 HIGH - 7.8

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metadata ...

Vendor: AcademySoftwareFoundation
Product: OpenImageIO
Published: May 14, 2026
Source: NVD
CVE-2026-43905 HIGH - 7.8

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer size as const int bufsize = w * h * ch * buffer_bpp using signed 32-bit arithmetic. When the product...

Vendor: AcademySoftwareFoundation
Product: OpenImageIO
Published: May 14, 2026
Source: NVD
CVE-2026-43904 HIGH - 7.8

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, softimageinput.cpp:469 (mixed RLE) and :345 (pure RLE) do not clamp the run length to remaining scanline width before writing pixels. The ...

Vendor: AcademySoftwareFoundation
Product: OpenImageIO
Published: May 14, 2026
Source: NVD
CVE-2026-43903 HIGH - 7.8

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, sgiinput.cpp:265,274 use OIIO_DASSERT for bounds checking in the RLE decode loop. In release builds, OIIO_DASSERT compiles to ((void)sizeo...

Vendor: AcademySoftwareFoundation
Product: OpenImageIO
Published: May 14, 2026
Source: NVD

Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values

Published: May 14, 2026
Source: NVD
CVE-2026-45303 HIGH - 7.7

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.5, through the HTML rendering view, scripts can be injected and executed. The frontend provides a function to visualize the HTML content of a current chat. The content is embedded in an iF...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub
CVE-2026-45301 HIGH - 8.1

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.3.16, a missing permission check in all files related API endpoints allows any authenticated user to list, access and delete every file uploaded by every user to the platform. This vulnerabi...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub

electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync targets. Affects users who import bookmark JSON files or who have electerm sync configured (gist/Web...

Vendor: npm
Product: electerm
Published: May 14, 2026
Source: GitHub
CVE-2026-45299 MEDIUM - 5.4

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, the profile_image_url field on the user profile update form accepted arbitrary data: URI values without MIME-type validation, resulting in a XSS vulnerability. This vulnerability is fix...

Vendor: pip
Product: open-webui
Published: May 14, 2026
Source: GitHub

Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kuma-cp config leaks the admin bootstrap token and signing keys to any webpage the operator visits while the control plane is reach...

Vendor: go
Product: github.com/kumahq/kuma
Published: May 14, 2026
Source: GitHub
CVE-2026-8621 HIGH - 8.8

Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers can inject malicious X-Crabbox-Owner and X-Crabbox-Org headers in requests authenticated with a sha...

Published: May 14, 2026
Source: NVD
CVE-2026-44633 HIGH - 8.1

Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can cha...

Vendor: LiveHelperChat
Product: livehelperchat
Published: May 14, 2026
Source: NVD
CVE-2026-44592 CRITICAL - 9.4

Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT_DISCOVERABLE=true (the default, and the NixOS module default), anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has PeerA...

Vendor: wavelens
Product: gradient
Published: May 14, 2026
Source: NVD
CVE-2026-44586 HIGH - 8.3

SiYuan is an open-source personal knowledge management system. From 2.1.12 to before 3.7.0. SiYuan's Bazaar marketplace renders package author metadata from the public bazaar stage feed into HTML without escaping. In the desktop app this becomes stored XSS, and because SiYuan's Electron wi...

Vendor: siyuan-note
Product: siyuan
Published: May 14, 2026
Source: NVD