|
361
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium se…
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-8563
|
2026-05-16 01:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
362
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a …
New
|
CWE-20
Improper Input Validation
|
CVE-2026-8528
|
2026-05-16 01:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
363
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids.
Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator re…
New
|
CWE-338
CWE-340
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Generation of Predictable Numbers or Identifiers
|
CVE-2026-8503
|
2026-05-16 01:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
364
|
- |
|
-
|
-
|
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-contr…
New
|
CWE-77
Command Injection
|
CVE-2026-46508
|
2026-05-16 01:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
365
|
- |
|
-
|
-
|
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the l…
New
|
CWE-352
CWE-384
Origin Validation Error
Session Fixation
|
CVE-2026-45773
|
2026-05-16 01:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366
|
- |
|
-
|
-
|
Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted reposi…
New
|
CWE-426
Untrusted Search Path
|
CVE-2026-45772
|
2026-05-16 01:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
367
|
7.3 |
HIGH
Network
|
-
|
-
|
Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the proce…
New
|
CWE-77
Command Injection
|
CVE-2026-39054
|
2026-05-16 01:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
368
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled sc…
New
|
CWE-94
Code Injection
|
CVE-2026-39052
|
2026-05-16 01:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
369
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components
New
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-38728
|
2026-05-16 01:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
370
|
8.2 |
HIGH
Network
|
-
|
-
|
A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control fu…
New
|
CWE-124
Buffer Underflow
|
CVE-2026-34253
|
2026-05-16 01:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
