|
151
|
7.3 |
HIGH
Network
|
apache
|
ofbiz
|
Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') vulnerability in Apache OFBiz.
This issue affects Ap…
New
|
CWE-94
CWE-95
Code Injection
Eval Injection
|
CVE-2026-46586
|
2026-05-20 01:35 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
9.1 |
CRITICAL
Network
|
freedesktop
|
gst-plugins-good
|
An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before per…
Update
|
CWE-369
Divide By Zero
|
CVE-2026-46470
|
2026-05-20 01:34 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via…
New
|
CWE-862
Missing Authorization
|
CVE-2026-8547
|
2026-05-20 01:33 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information fr…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-8546
|
2026-05-20 01:33 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive infor…
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-8543
|
2026-05-20 01:33 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
New
|
CWE-416
Use After Free
|
CVE-2026-8542
|
2026-05-20 01:32 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Inappropriate implementation in Media in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a …
New
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-8585
|
2026-05-20 01:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
4.2 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page…
New
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-8584
|
2026-05-20 01:29 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted …
New
|
CWE-416
Use After Free
|
CVE-2026-8530
|
2026-05-20 01:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in WebML in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-8531
|
2026-05-20 01:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
