|
1351
|
7.0 |
HIGH
Local
|
-
|
-
|
In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_…
|
CWE-378
Creation of Temporary File With Insecure Permissions
|
CVE-2026-4137
|
2026-05-20 00:03 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1352
|
5.4 |
MEDIUM
Network
|
microsoft
|
edge_chromium
|
Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-45492
|
2026-05-20 00:03 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1353
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-8544
|
2026-05-19 23:53 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1354
|
3.1 |
LOW
Network
|
google
|
chrome
|
Object corruption in Compositing in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromi…
|
CWE-119
CWE-284
Incorrect Access of Indexable Resource ('Range Error')
Improper Access Control
|
CVE-2026-8545
|
2026-05-19 23:53 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1355
|
7.3 |
HIGH
Local
|
-
|
-
|
A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface.
|
CWE-266
Incorrect Privilege Assignment
|
CVE-2026-22069
|
2026-05-19 23:50 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1356
|
5.3 |
MEDIUM
Network
|
-
|
-
|
The /api/v1/autotranslate.translateMessage endpoint in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.6, <7.13.8, and <7.10.12 allows any authenticated user to retrieve the full content of any…
|
CWE-284
Improper Access Control
|
CVE-2026-32994
|
2026-05-19 23:50 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1357
|
6.3 |
MEDIUM
Adjacent
|
-
|
-
|
There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface.
|
CWE-200
Information Exposure
|
CVE-2026-44408
|
2026-05-19 23:50 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1358
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Missing Authorization vulnerability in Brainstorm Force Presto Player allows Exploiting Incorrectly Configured Access Control Security Levels.
This issue affects Presto Player: from n/a through 4.1.…
|
CWE-862
Missing Authorization
|
CVE-2026-45442
|
2026-05-19 23:50 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1359
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Out of bounds read in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory vi…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-8541
|
2026-05-19 23:47 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1360
|
- |
|
-
|
-
|
The create and edit flows do not restrict which user properties may be submitted and do not enforce access control on the frontend user group assignment. As a result, an attacker can assign an arbitr…
|
CWE-639
CWE-915
Authorization Bypass Through User-Controlled Key
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-46721
|
2026-05-19 23:47 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
