| 121 | 5.4 | MEDIUM | Network | - | - | The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insuffic… | New | CWE-79 Cross-site Scripting | CVE-2026-3369 | 2026-04-16 21:16 | 2026-04-16 |
| 122 | 3.1 | LOW | Network | - | - | The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user… | New | CWE-862 Missing Authorization | CVE-2026-3155 | 2026-04-16 21:16 | 2026-04-16 |
| 123 | 6.0 | MEDIUM | Network | - | - | Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usab… | New | CWE-613 Insufficient Session Expiration | CVE-2025-12624 | 2026-04-16 20:16 | 2026-04-16 |
| 124 | 7.2 | HIGH | Network | - | - | Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a … | New | CWE-122 Heap-based Buffer Overflow | CVE-2026-6361 | 2026-04-16 19:16 | 2026-04-16 |
| 125 | 7.5 | HIGH | Network | - | - | Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted… | New | CWE-416 Use After Free | CVE-2026-6319 | 2026-04-16 19:16 | 2026-04-16 |
| 126 | 8.8 | HIGH | Network | - | - | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | New | CWE-416 Use After Free | CVE-2026-6318 | 2026-04-16 19:16 | 2026-04-16 |
| 127 | 7.5 | HIGH | Network | - | - | Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page… | New | CWE-125 Out-of-bounds Read | CVE-2026-6308 | 2026-04-16 19:16 | 2026-04-16 |
| 128 | 8.8 | HIGH | Network | - | - | Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | New | CWE-122 Heap-based Buffer Overflow | CVE-2026-6306 | 2026-04-16 19:16 | 2026-04-16 |
| 129 | 8.8 | HIGH | Network | - | - | Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | New | CWE-416 Use After Free | CVE-2026-6303 | 2026-04-16 19:16 | 2026-04-16 |
| 130 | 6.1 | MEDIUM | Network | - | - | The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into t… | New | CWE-79 Cross-site Scripting | CVE-2025-6024 | 2026-04-16 19:16 | 2026-04-16 |