|
71
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: …
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-9116
|
2026-05-22 01:56 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
72
|
6.5 |
MEDIUM
Network
|
plane
|
plane
|
Plane is an open-source project management tool. In versions 1.3.0 and below, SavedAnalyticEndpoint passes the user-controlled segment query parameter directly to a Django F() expression without vali…
New
|
CWE-943
Improper Neutralization of Special Elements in Data Query Logic
|
CVE-2026-40102
|
2026-05-22 01:56 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
73
|
6.1 |
MEDIUM
Network
|
obfuscate_project
|
obfuscate
|
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Obfuscate allows Cross-Site Scripting (XSS).
This issue affects Obfuscate: from 0.0.0 bef…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6871
|
2026-05-22 01:52 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
74
|
6.1 |
MEDIUM
Network
|
gaya
|
orejime
|
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Orejime allows Cross-Site Scripting (XSS).
This issue affects Orejime: from 0.0.0 before …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-6095
|
2026-05-22 01:46 |
2026-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
75
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craf…
New
|
CWE-843
Type Confusion
|
CVE-2026-9117
|
2026-05-22 01:45 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
76
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
New
|
CWE-416
Use After Free
|
CVE-2026-9118
|
2026-05-22 01:45 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
77
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-9119
|
2026-05-22 01:44 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
78
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
New
|
CWE-416
Use After Free
|
CVE-2026-9120
|
2026-05-22 01:41 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
79
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-9121
|
2026-05-22 01:35 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
80
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium …
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-9122
|
2026-05-22 01:32 |
2026-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
