|
501
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML pag…
New
|
CWE-416
Use After Free
|
CVE-2026-9956
|
2026-05-30 01:20 |
2026-05-29 |
|
502
|
- |
|
-
|
-
|
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI (enabled via the command-line flag --enable-f…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-44903
|
2026-05-30 01:19 |
2026-05-27 |
|
503
|
8.2 |
HIGH
Network
|
-
|
-
|
LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other ap…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-44843
|
2026-05-30 01:19 |
2026-05-27 |
|
504
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Starlette is a lightweight ASGI framework/toolkit. Prior to version 1.0.1, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorit…
Update
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-48710
|
2026-05-30 01:19 |
2026-05-27 |
|
505
|
- |
|
-
|
-
|
A Server-Side Request Forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an attacker to cause the server to issue HTTP requests to internal services via the security…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-8606
|
2026-05-30 01:19 |
2026-05-27 |
|
506
|
- |
|
-
|
-
|
A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insu…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-9312
|
2026-05-30 01:19 |
2026-05-27 |
|
507
|
7.4 |
HIGH
Local
|
-
|
-
|
In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow. It reads a geometry attribute into a fixed-size stack buffer with…
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-49014
|
2026-05-30 01:19 |
2026-05-27 |
|
508
|
- |
|
-
|
-
|
In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty bu…
Update
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-49017
|
2026-05-30 01:19 |
2026-05-27 |
|
509
|
- |
|
-
|
-
|
Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted loca…
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42184
|
2026-05-30 01:19 |
2026-05-28 |
|
510
|
- |
|
-
|
-
|
Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such …
Update
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-44378
|
2026-05-30 01:19 |
2026-05-28 |