NVD disclosure day

Published threat advisories for May 16, 2026

CVE advisoryCRITICAL

CVE-2021-47952

Python jsonpickle allows attackers to run any command on your systems.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

The Python jsonpickle library contains a security flaw that an external attacker could exploit to gain full control of affected systems. By sending malicious data to an application using this library, they can remotely run unauthorized commands, which could result in a complete server compromise.

NVD published:

CVE advisoryCRITICAL

CVE-2020-37239

Image library allows attackers to crash services or steal data

Halo Surface Signal: 3 out of 5 — possibly public-facing.

The Libbabl image processing library contains a security flaw that allows an external attacker to gain unauthorized control of a system by providing a malicious file. This could lead to a complete compromise of the host, putting sensitive business data at risk.

NVD published:

CVE advisoryCRITICAL

CVE-2020-37228

Digital Signage System can be broken into, allowing attackers to take over accounts

Halo Surface Signal: 3 out of 5 — possibly public-facing.

The iDS6 DSSPro Digital Signage System has a login flaw that allows an external attacker to bypass security checks by stealing verification codes. This enables automated attempts to guess passwords, potentially leading to unauthorized administrative control over the system.

NVD published: