| 491 | 7.5 | HIGH | Network | openclaw | openclaw | OpenClaw before 2026.3.31 parses MS Teams webhook request bodies before performing JWT validation, allowing unauthenticated attackers to trigger resource exhaustion. Remote attackers can send malicio… | CWE-408 Incorrect Behavior Order: Early Amplification | CVE-2026-41405 | 2026-05-1 04:37 | 2026-04-29 |
| 492 | 7.3 | HIGH | Network | nextchat | nextchat | A weakness has been identified in ChatGPTNextWeb NextChat up to 2.16.1. This affects the function storeUrl of the file app/api/artifacts/route.ts of the component Artifacts Endpoint. This manipulatio… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-7178 | 2026-05-1 04:26 | 2026-04-28 |
| 493 | 7.3 | HIGH | Network | nextchat | nextchat | A security flaw has been discovered in ChatGPTNextWeb NextChat up to 2.16.1. Affected by this issue is the function proxyHandler of the file app/api/[provider]/[...path]/route.ts. The manipulation re… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2026-7177 | 2026-05-1 04:26 | 2026-04-28 |
| 494 | 7.3 | HIGH | Network | mozilla | firefox thunderbird | Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have… | CWE-119 CWE-787 Incorrect Access of Indexable Resource ('Range Error') Out-of-bounds Write | CVE-2026-7323 | 2026-05-1 03:38 | 2026-04-29 |
| 495 | 9.6 | CRITICAL | Network | google | chrome | Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | CWE-416 Use After Free | CVE-2026-7333 | 2026-05-1 03:30 | 2026-04-29 |
| 496 | 8.8 | HIGH | Network | google | chrome | Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | CWE-416 Use After Free | CVE-2026-7334 | 2026-05-1 03:29 | 2026-04-29 |
| 497 | 8.8 | HIGH | Network | google | chrome | Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | CWE-416 Use After Free | CVE-2026-7335 | 2026-05-1 03:29 | 2026-04-29 |
| 498 | 8.8 | HIGH | Network | google | chrome | Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | CWE-416 Use After Free | CVE-2026-7336 | 2026-05-1 03:28 | 2026-04-29 |
| 499 | 8.8 | HIGH | Network | google | chrome | Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | CWE-843 Type Confusion | CVE-2026-7337 | 2026-05-1 03:28 | 2026-04-29 |
| 500 | 7.5 | HIGH | Adjacent | google | chrome | Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium securi… | CWE-416 Use After Free | CVE-2026-7338 | 2026-05-1 03:28 | 2026-04-29 |