|
1601
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds read in AdFilter in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Mediu…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-7995
|
2026-05-7 08:19 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1602
|
4.2 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML …
|
CWE-20
Improper Input Validation
|
CVE-2026-7996
|
2026-05-7 08:18 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1603
|
7.8 |
HIGH
Local
|
google
|
chrome
|
Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium …
|
CWE-20
Improper Input Validation
|
CVE-2026-7997
|
2026-05-7 08:18 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1604
|
- |
|
-
|
-
|
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
|
-
|
CVE-2026-6278
|
2026-05-7 08:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1605
|
9.4 |
CRITICAL
Network
|
-
|
-
|
Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt("null") placeholder whenever a user has no stored pas…
|
CWE-287
Improper Authentication
|
CVE-2026-41571
|
2026-05-7 06:25 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1606
|
- |
|
-
|
-
|
FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser control…
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-32699
|
2026-05-7 06:25 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1607
|
- |
|
-
|
-
|
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker ca…
|
CWE-352
Origin Validation Error
|
CVE-2026-40309
|
2026-05-7 06:22 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1608
|
- |
|
-
|
-
|
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cUsers.updateAddress function does not properly validate anti-CSRF tokens for user address management …
|
CWE-352
Origin Validation Error
|
CVE-2026-40174
|
2026-05-7 06:22 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1609
|
- |
|
-
|
-
|
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the `cTrash.restore` function does not properly validate anti-CSRF tokens for content restoration requests…
|
CWE-352
Origin Validation Error
|
CVE-2026-40325
|
2026-05-7 06:22 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1610
|
- |
|
-
|
-
|
Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the createBundle method in `csettings.cfc` does not properly validate anti-CSRF tokens for site bundle cre…
|
CWE-352
Origin Validation Error
|
CVE-2026-40326
|
2026-05-7 06:22 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
