|
611
|
3.1 |
LOW
Network
|
google
|
chrome
|
Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.…
Update
|
NVD-CWE-noinfo
CWE-284
CWE-693
Improper Access Control
Protection Mechanism Failure
|
CVE-2026-7959
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
612
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in WebUI in Google Chrome on Linux, Mac, Windows, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site iso…
Update
|
NVD-CWE-noinfo
CWE-693
Protection Mechanism Failure
|
CVE-2026-7946
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
613
|
4.4 |
MEDIUM
Local
|
google
|
chrome
|
Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: M…
Update
|
NVD-CWE-noinfo
CWE-693
Protection Mechanism Failure
|
CVE-2026-7932
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
614
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Insufficient data validation in InterestGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a…
Update
|
NVD-CWE-noinfo
CWE-20
Improper Input Validation
|
CVE-2026-7916
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
615
|
8.1 |
HIGH
Network
|
-
|
-
|
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json fi…
New
|
CWE-22
Path Traversal
|
CVE-2026-7807
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
616
|
- |
|
-
|
-
|
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side …
New
|
CWE-367
CWE-918
Time-of-check Time-of-use (TOCTOU) Race Condition
Server-Side Request Forgery (SSRF)
|
CVE-2026-44694
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
617
|
4.3 |
MEDIUM
Network
|
-
|
-
|
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.13, when n8n-mcp runs in HTTP transport mode, authenticated MC…
New
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-42282
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
618
|
5.3 |
MEDIUM
Network
|
-
|
-
|
RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-42190
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
619
|
5.5 |
MEDIUM
Network
|
-
|
-
|
People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted in…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-42185
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
620
|
6.3 |
MEDIUM
Network
|
-
|
-
|
Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy allows an authenticated low-privileged user to create a link post through POST /api/v3/post. When a post is cre…
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-42180
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
