| 451 | 6.1 | MEDIUM | Network | lollms | lollms | A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack o… | Update | CWE-79 Cross-site Scripting | CVE-2026-1116 | 2026-04-18 01:18 | 2026-04-12 |
| 452 | 6.3 | MEDIUM | Network | - | - | A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the compon… | New | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-6497 | 2026-04-18 01:17 | 2026-04-18 |
| 453 | 9.8 | CRITICAL | Network | - | - | A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php. | New | CWE-89 SQL Injection | CVE-2026-37749 | 2026-04-18 01:17 | 2026-04-18 |
| 454 | 6.5 | MEDIUM | Network | phoca | maps | Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered. | Update | CWE-79 Cross-site Scripting | CVE-2026-23900 | 2026-04-18 01:15 | 2026-04-11 |
| 455 | 7.5 | HIGH | Network | fastify | fastify | Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still … | Update | CWE-1287 Improper Validation of Specified Type of Input | CVE-2026-33806 | 2026-04-18 00:49 | 2026-04-15 |
| 456 | 9.6 | CRITICAL | Network | google | chrome | Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | Update | CWE-122 Heap-based Buffer Overflow | CVE-2026-6296 | 2026-04-18 00:42 | 2026-04-16 |
| 457 | 8.3 | HIGH | Network | google | chrome | Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi… | Update | CWE-416 Use After Free | CVE-2026-6297 | 2026-04-18 00:42 | 2026-04-16 |
| 458 | 4.3 | MEDIUM | Network | google | chrome | Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secu… | Update | CWE-122 Heap-based Buffer Overflow | CVE-2026-6298 | 2026-04-18 00:41 | 2026-04-16 |
| 459 | 8.8 | HIGH | Network | google | chrome | Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | Update | CWE-416 Use After Free | CVE-2026-6299 | 2026-04-18 00:41 | 2026-04-16 |
| 460 | 8.8 | HIGH | Network | google | chrome | Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | Update | CWE-416 Use After Free | CVE-2026-6300 | 2026-04-18 00:41 | 2026-04-16 |