| 141 | 8.8 | HIGH | Network | - | - | Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a cr… | New | CWE-416 Use After Free | CVE-2026-7344 | 2026-04-29 22:16 | 2026-04-29 |
| 142 | 9.8 | CRITICAL | Network | - | - | Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… | New | CWE-416 Use After Free | CVE-2026-7343 | 2026-04-29 22:16 | 2026-04-29 |
| 143 | 8.8 | HIGH | Network | - | - | Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | New | CWE-416 Use After Free | CVE-2026-7336 | 2026-04-29 22:16 | 2026-04-29 |
| 144 | 6.5 | MEDIUM | Network | - | - | When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total leng… | Update | CWE-130 Improper Handling of Length Parameter Inconsistency | CVE-2026-5265 | 2026-04-29 22:16 | 2026-04-24 |
| 145 | 9.8 | CRITICAL | Network | apache | pony_mail | ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all … | New | CWE-444 HTTP Request Smuggling | CVE-2026-41873 | 2026-04-29 22:16 | 2026-04-29 |
| 146 | 9.8 | CRITICAL | Network | - | - | Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and service tag for authentication, both… | New | CWE-798 CWE-912 Use of Hard-coded Credentials Hidden Functionality | CVE-2026-41446 | 2026-04-29 22:16 | 2026-04-29 |
| 147 | 2.7 | LOW | Network | github | enterprise_server | An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated b… | Update | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-3307 | 2026-04-29 21:47 | 2026-04-22 |
| 148 | 8.8 | HIGH | Network | github | enterprise_server | An incorrect regular expression vulnerability was identified in GitHub Enterprise Server that allowed an attacker to bypass OAuth redirect URI validation. An attacker with knowledge of a first-party … | Update | CWE-185 Incorrect Regular Expression | CVE-2026-4296 | 2026-04-29 21:39 | 2026-04-22 |
| 149 | 7.2 | HIGH | Network | github | enterprise_server | An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands… | Update | CWE-78 OS Command | CVE-2026-4821 | 2026-04-29 21:36 | 2026-04-22 |
| 150 | 4.3 | MEDIUM | Network | github | enterprise_server | An improper authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated attacker to determine the names of private repositories by their numeric ID. The mobil… | Update | CWE-201 Insertion of Sensitive Information Into Sent Data | CVE-2026-5512 | 2026-04-29 21:35 | 2026-04-22 |