|
1241
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted C…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-8004
|
2026-05-7 22:54 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1242
|
4.3 |
MEDIUM
Adjacent
|
google
|
chrome
|
Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic.…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-8005
|
2026-05-7 22:54 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1243
|
8.8 |
HIGH
Network
|
redistimeseries
|
redistimeseries
|
RedisTimeSeries is a time-series module for Redis. In all versions before 1.12.14 of RedisTimeSeries, the module does not properly validate serialized values processed through the Redis RESTORE comma…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-25588
|
2026-05-7 22:46 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1244
|
8.8 |
HIGH
Network
|
redisbloom
|
redisbloom
|
RedisBloom is a probabilistic data structures module for Redis. In all versions of RedisBloom before 2.8.20, the module does not properly validate serialized values processed through the Redis RESTOR…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-25589
|
2026-05-7 22:44 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1245
|
7.5 |
HIGH
Network
|
owasp
|
modsecurity
|
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Libmodsecurity is one component of the ModSecurity v3 project. A segmentation fault occu…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-30923
|
2026-05-7 22:41 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1246
|
5.4 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HT…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-7998
|
2026-05-7 22:40 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1247
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium…
|
CWE-200
Information Exposure
|
CVE-2026-7999
|
2026-05-7 22:39 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1248
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium se…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-8000
|
2026-05-7 22:39 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1249
|
7.7 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to…
|
CWE-918
CWE-1188
Server-Side Request Forgery (SSRF)
Insecure Default Initialization of Resource
|
CVE-2026-43527
|
2026-05-7 22:29 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1250
|
6.1 |
MEDIUM
Network
|
apache
|
wicket
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Wicket.
This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 t…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42509
|
2026-05-7 22:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
