|
361
|
6.5 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to validate 7zip archive structure before processing which allows an authenticated attacker to cause server memory exh…
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-6340
|
2026-05-20 02:21 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362
|
7.5 |
HIGH
Network
|
hsclabs
|
mailinspector
|
HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without …
New
|
CWE-22
Path Traversal
|
CVE-2026-29963
|
2026-05-20 02:21 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363
|
6.1 |
MEDIUM
Network
|
hsclabs
|
mailinspector
|
HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaS…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-29964
|
2026-05-20 02:20 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364
|
6.1 |
MEDIUM
Network
|
hsclabs
|
mailinspector
|
HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscate…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-29965
|
2026-05-20 02:19 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
365
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-28732
|
2026-05-20 02:18 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366
|
5.0 |
MEDIUM
Network
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt_platform/backen…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-33234
|
2026-05-20 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
367
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input…
New
|
CWE-78
OS Command
|
CVE-2026-27130
|
2026-05-20 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
368
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8548
|
2026-05-20 02:02 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
369
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-416
Use After Free
|
CVE-2026-8549
|
2026-05-20 01:58 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
370
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memo…
Update
|
CWE-416
Use After Free
|
CVE-2026-8550
|
2026-05-20 01:51 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
