|
2901
|
4.8 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3495
|
2026-05-20 02:37 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2902
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check the create_post channel permission during post edit operations which allows an authenticated attacker with re…
|
CWE-862
Missing Authorization
|
CVE-2026-3637
|
2026-05-20 02:34 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2903
|
3.3 |
LOW
Local
|
continue
|
continue
|
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulat…
|
CWE-22
Path Traversal
|
CVE-2026-8770
|
2026-05-20 02:30 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2904
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted …
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-8510
|
2026-05-20 02:29 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2905
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium sec…
|
CWE-284
Improper Access Control
|
CVE-2026-8566
|
2026-05-20 02:29 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2906
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Insufficient policy enforcement in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-8571
|
2026-05-20 02:28 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2907
|
3.1 |
LOW
Network
|
google
|
chrome
|
Insufficient policy enforcement in Network in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craft…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-8572
|
2026-05-20 02:28 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2908
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in WebXR in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informa…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-8583
|
2026-05-20 02:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2909
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…
|
CWE-416
Use After Free
|
CVE-2026-8513
|
2026-05-20 02:24 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2910
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a cra…
|
CWE-664
Improper Control of a Resource Through its Lifetime
|
CVE-2026-8517
|
2026-05-20 02:24 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
