|
571
|
6.1 |
MEDIUM
Network
|
hsclabs
|
mailinspector
|
HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaS…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-29964
|
2026-05-20 02:20 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
572
|
6.1 |
MEDIUM
Network
|
hsclabs
|
mailinspector
|
HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscate…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-29965
|
2026-05-20 02:19 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
573
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to enforce slash command trigger-word uniqueness during command updates which allows an authenticated team member with…
New
|
CWE-863
Incorrect Authorization
|
CVE-2026-28732
|
2026-05-20 02:18 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
574
|
5.0 |
MEDIUM
Network
|
-
|
-
|
AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogpt_platform/backen…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-33234
|
2026-05-20 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
575
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName parameter. 3 chained issues cause this problem: inadequate input…
New
|
CWE-78
OS Command
|
CVE-2026-27130
|
2026-05-20 02:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
576
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Out of bounds write in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8548
|
2026-05-20 02:02 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
577
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-416
Use After Free
|
CVE-2026-8549
|
2026-05-20 01:58 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
578
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memo…
Update
|
CWE-416
Use After Free
|
CVE-2026-8550
|
2026-05-20 01:51 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
579
|
7.5 |
HIGH
Network
|
dhtmlx
|
pdf_export_module
|
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Path Traversal due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could incl…
Update
|
CWE-22
Path Traversal
|
CVE-2026-41552
|
2026-05-20 01:49 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
580
|
7.5 |
HIGH
Network
|
twisted
|
twisted
|
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 26.4.0rc2, the twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exha…
Update
|
CWE-400
CWE-407
Uncontrolled Resource Consumption
Inefficient Algorithmic Complexity
|
CVE-2026-42304
|
2026-05-20 01:47 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
