|
2721
|
6.1 |
MEDIUM
Network
|
beaugunderson
|
ip-address
|
ip-address is a library for parsing and manipulating IPv4 and IPv6 addresses in JavaScript. Prior to 10.1.1, Address6.group() and Address6.link() do not HTML-escape attacker-controlled content before…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42338
|
2026-05-20 05:04 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2722
|
8.8 |
HIGH
Network
|
tabby
|
tabby
|
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, Tabby registers itself as the handler for the tabby:// URL scheme on all platforms. The URL scheme handler supp…
|
CWE-78
OS Command
|
CVE-2026-45035
|
2026-05-20 04:41 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2723
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: …
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-8567
|
2026-05-20 04:28 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2724
|
7.1 |
HIGH
Network
|
tabby
|
tabby
|
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without …
|
CWE-184
CWE-601
Incomplete Blacklist
Open Redirect
|
CVE-2026-45037
|
2026-05-20 04:27 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2725
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Integer overflow in Codecs in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity:…
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-8573
|
2026-05-20 04:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2726
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
|
CWE-416
Use After Free
|
CVE-2026-8574
|
2026-05-20 04:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2727
|
9.4 |
CRITICAL
Network
|
dify
|
dify
|
Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded to the Plugin Daemon's internal REST API by exploiting insufficie…
|
CWE-23
Relative Path Traversal
|
CVE-2026-41948
|
2026-05-20 04:25 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2728
|
9.1 |
CRITICAL
Network
|
dify
|
dify
|
Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable trace configurations for any application regardless of tenant own…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41947
|
2026-05-20 04:24 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2729
|
7.2 |
HIGH
Network
|
dataease
|
dataease
|
A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils.transFilter of the file SqlparserUtils.java of the component Data Dashboard. The manipulation results …
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-8724
|
2026-05-20 04:04 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2730
|
6.5 |
MEDIUM
Local
|
xen
|
xen
|
Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES
command within a transaction due to an assert() triggering.
In case xenstored was built with NDEBUG #defined nothing bad will
hap…
|
CWE-617
Reachable Assertion
|
CVE-2026-23557
|
2026-05-20 03:56 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
