|
3061
|
7.5 |
HIGH
Adjacent
|
google
|
chrome
|
Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traff…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-9123
|
2026-05-22 01:31 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3062
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craf…
|
CWE-20
Improper Input Validation
|
CVE-2026-9124
|
2026-05-22 01:25 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3063
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-416
Use After Free
|
CVE-2026-9126
|
2026-05-22 01:23 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3064
|
6.5 |
MEDIUM
Network
|
-
|
-
|
In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected.
In certain scenarios, an…
|
CWE-269
Improper Privilege Management
|
CVE-2026-45254
|
2026-05-22 01:16 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3065
|
9.3 |
CRITICAL
Network
|
-
|
-
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection.
This issue affects WP Directory Ki…
|
CWE-89
SQL Injection
|
CVE-2026-39531
|
2026-05-22 01:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3066
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial…
|
CWE-120
Classic Buffer Overflow
|
CVE-2026-36189
|
2026-05-22 01:16 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3067
|
6.5 |
MEDIUM
Network
|
-
|
-
|
In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authenticati…
|
CWE-284
Improper Access Control
|
CVE-2026-2734
|
2026-05-22 01:08 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3068
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-30691
|
2026-05-22 01:08 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3069
|
3.3 |
LOW
Local
|
-
|
-
|
Android App "RoboForm Password Manager" provided by Siber Systems, Inc. handles Android intents without sufficient URL validation, user confirmation nor notification. If a URL to some malicious web p…
|
CWE-357
Insufficient UI Warning of Dangerous Operations
|
CVE-2026-47782
|
2026-05-22 01:08 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3070
|
- |
|
-
|
-
|
XWiki Platform is a generic wiki platform. Versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17 allow access to read configuration files by using URLs such as http://localhost:8080/bin/ssx/Ma…
|
CWE-23
Relative Path Traversal
|
CVE-2026-23734
|
2026-05-22 01:04 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
