| 81 | 7.5 | HIGH, Adjacent | google | chrome | Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traff… | New | CWE-122 Heap-based Buffer Overflow | CVE-2026-9123 | 2026-05-22 01:31 | 2026-05-21 |
| 82 | 5.3 | MEDIUM, Network | google | chrome | Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craf… | New | CWE-20 Improper Input Validation | CVE-2026-9124 | 2026-05-22 01:25 | 2026-05-21 |
| 83 | 8.8 | HIGH, Network | google | chrome | Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | New | CWE-416 Use After Free | CVE-2026-9126 | 2026-05-22 01:23 | 2026-05-21 |
| 84 | 8.8 | HIGH, Adjacent | - | - | The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update operations. This issue is addressed in Automate 2026.5. | New | CWE-494 Download of Code Without Integrity Check | CVE-2026-9089 | 2026-05-22 01:16 | 2026-05-22 |
| 85 | 6.5 | MEDIUM, Network | - | - | In the case of the cap_net service, when a key present in the old limit was omitted from the new limit, the missing key was treated as "allow any" instead of being rejected. In certain scenarios, an… | New | CWE-269 Improper Privilege Management | CVE-2026-45254 | 2026-05-22 01:16 | 2026-05-21 |
| 86 | - | | - | - | In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails. When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinne… | New | - | CVE-2026-43494 | 2026-05-22 01:16 | 2026-05-21 |
| 87 | 9.3 | CRITICAL, Network | - | - | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Ki… | New | CWE-89 SQL Injection | CVE-2026-39531 | 2026-05-22 01:16 | 2026-05-22 |
| 88 | 6.2 | MEDIUM, Local | - | - | Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial… | New | CWE-120 Classic Buffer Overflow | CVE-2026-36189 | 2026-05-22 01:16 | 2026-05-22 |
| 89 | 6.5 | MEDIUM, Network | - | - | In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack proper per-model authorization checks when basic authenticati… | New | CWE-284 Improper Access Control | CVE-2026-2734 | 2026-05-22 01:08 | 2026-05-21 |
| 90 | 6.1 | MEDIUM, Network | - | - | Cross-Site Scripting (XSS) vulnerability in @cyntler/react-doc-viewer v1.17.1 allows remote attackers to execute arbitrary JavaScript via a crafted .txt file. The TXTRenderer component fails to sanit… | New | CWE-79 Cross-site Scripting | CVE-2026-30691 | 2026-05-22 01:08 | 2026-05-21 |