|
2301
|
6.5 |
MEDIUM
Network
|
guimard
|
apache\
|
Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids.
Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator re…
|
CWE-338
CWE-340
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Generation of Predictable Numbers or Identifiers
|
CVE-2026-8503
|
2026-05-19 03:23 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2302
|
5.4 |
MEDIUM
Network
|
google
|
chrome
|
Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-8561
|
2026-05-19 03:22 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2303
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Mediu…
|
CWE-1300
Improper Protection of Physical Side Channels
|
CVE-2026-8562
|
2026-05-19 03:21 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2304
|
9.1 |
CRITICAL
Network
|
-
|
-
|
DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary fi…
|
CWE-22
Path Traversal
|
CVE-2026-45230
|
2026-05-19 03:17 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2305
|
8.8 |
HIGH
Network
|
-
|
-
|
Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrato…
|
CWE-269
Improper Privilege Management
|
CVE-2026-41085
|
2026-05-19 03:17 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2306
|
6.2 |
MEDIUM
Local
|
-
|
-
|
OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure() in source/src/enet_encap/cpf.c. A c…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-38719
|
2026-05-19 03:17 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2307
|
5.5 |
MEDIUM
Local
|
-
|
-
|
NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed i…
|
CWE-190
CWE-476
Integer Overflow or Wraparound
NULL Pointer Dereference
|
CVE-2026-32849
|
2026-05-19 03:17 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2308
|
4.7 |
MEDIUM
Local
|
-
|
-
|
NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently…
|
CWE-362
CWE-415
Race Condition
Double Free
|
CVE-2026-32848
|
2026-05-19 03:17 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2309
|
5.3 |
MEDIUM
Local
|
oalders
|
www\
|
WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution.
With no explicit cache…
|
CWE-502
CWE-732
Deserialization of Untrusted Data
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-8612
|
2026-05-19 03:17 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2310
|
8.8 |
HIGH
Network
|
-
|
-
|
ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection.
|
CWE-77
Command Injection
|
CVE-2025-57282
|
2026-05-19 03:17 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
