|
261
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in WebUI in Google Chrome on Linux, Mac, Windows, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site iso…
New
|
NVD-CWE-noinfo
CWE-693
Protection Mechanism Failure
|
CVE-2026-7946
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
262
|
4.4 |
MEDIUM
Local
|
google
|
chrome
|
Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: M…
New
|
NVD-CWE-noinfo
CWE-693
Protection Mechanism Failure
|
CVE-2026-7932
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
263
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Insufficient data validation in InterestGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a…
New
|
NVD-CWE-noinfo
CWE-20
Improper Input Validation
|
CVE-2026-7916
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264
|
8.1 |
HIGH
Network
|
-
|
-
|
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json fi…
New
|
CWE-22
Path Traversal
|
CVE-2026-7807
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265
|
- |
|
-
|
-
|
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side …
New
|
CWE-367
CWE-918
Time-of-check Time-of-use (TOCTOU) Race Condition
Server-Side Request Forgery (SSRF)
|
CVE-2026-44694
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
266
|
4.3 |
MEDIUM
Network
|
-
|
-
|
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.13, when n8n-mcp runs in HTTP transport mode, authenticated MC…
New
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-42282
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
267
|
5.3 |
MEDIUM
Network
|
-
|
-
|
RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-42190
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
268
|
7.5 |
HIGH
Network
|
-
|
-
|
Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malici…
New
|
CWE-770
CWE-789
Allocation of Resources Without Limits or Throttling
Memory Allocation with Excessive Size Value
|
CVE-2026-42189
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
269
|
5.5 |
MEDIUM
Network
|
-
|
-
|
People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted in…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-42185
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42181
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
