|
2061
|
8.2 |
HIGH
Network
|
-
|
-
|
Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform pro…
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-8657
|
2026-05-20 00:38 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2062
|
7.5 |
HIGH
Network
|
-
|
-
|
This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled record count together with a zero record size. During parsing,…
|
CWE-1284
Improper Validation of Specified Quantity in Input
|
CVE-2026-8813
|
2026-05-20 00:38 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2063
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in…
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-8814
|
2026-05-20 00:38 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2064
|
9.8 |
CRITICAL
Network
|
microsoft
|
edge_chromium
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
CWE-20
CWE-94
CWE-119
Improper Input Validation
Code Injection
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-45495
|
2026-05-20 00:35 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2065
|
7.3 |
HIGH
Network
|
apache
|
ofbiz
|
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.0…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-29226
|
2026-05-20 00:29 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2066
|
6.5 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Input Validation vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-31378
|
2026-05-20 00:29 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2067
|
6.1 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Control of Generation of…
|
CWE-22
CWE-79
CWE-94
Path Traversal
Cross-site Scripting
Code Injection
|
CVE-2026-31379
|
2026-05-20 00:27 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2068
|
6.5 |
MEDIUM
Network
|
vercel
|
ai
|
A vulnerability was determined in vercel ai up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/respons…
|
CWE-400
CWE-404
Uncontrolled Resource Consumption
Improper Resource Shutdown or Release
|
CVE-2026-8769
|
2026-05-20 00:27 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2069
|
7.3 |
HIGH
Network
|
vercel
|
ai
|
A vulnerability was found in vercel ai up to 3.0.97. The affected element is the function validateDownloadUrl of the file packages/provider-utils/src/download-blob.ts of the component provider-utils.…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-8768
|
2026-05-20 00:24 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2070
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-416
Use After Free
|
CVE-2026-8580
|
2026-05-20 00:18 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
