|
3691
|
8.8 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.5.18 contains a scope bypass vulnerability in the Gateway chat.send route that allows scoped clients to execute privileged commands. Attackers with operator.write scope can deliv…
|
CWE-863
Incorrect Authorization
|
CVE-2026-35674
|
2026-06-2 03:22 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3692
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chrom…
|
CWE-200
Information Exposure
|
CVE-2026-9981
|
2026-06-2 03:22 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3693
|
6.5 |
MEDIUM
Network
|
-
|
-
|
view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the preview route derives an example name from the URL and calls…
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-44836
|
2026-06-2 03:22 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3694
|
- |
|
-
|
-
|
eml_parser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.get_raw_body_text() recurse…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-44844
|
2026-06-2 03:22 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3695
|
- |
|
-
|
-
|
GitLab MCP Server lets an AI agent talk directly to GitLab. Prior to 0.6.0, the HTTP transport in src/transport.ts ships with no authentication layer at all and a wildcard Access-Control-Allow-Origin…
|
CWE-306
CWE-942
Missing Authentication for Critical Function
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-44895
|
2026-06-2 03:22 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3696
|
7.5 |
HIGH
Network
|
-
|
-
|
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza…
|
CWE-248
Uncaught Exception
|
CVE-2026-44905
|
2026-06-2 03:22 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3697
|
7.3 |
HIGH
Local
|
-
|
-
|
smallbitvec is a growable bit-vector for Rust, optimized for size. From 1.0.1 to 2.6.0, an integer overflow in the internal capacity calculation of smallbitvec can lead to an undersized heap allocati…
|
CWE-122
CWE-190
Heap-based Buffer Overflow
Integer Overflow or Wraparound
|
CVE-2026-44983
|
2026-06-2 03:22 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3698
|
- |
|
-
|
-
|
Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API_TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authenticat…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-44830
|
2026-06-2 03:22 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3699
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Media in Google Chrome on ChromeOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to obtain potentially sensi…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-9985
|
2026-06-2 03:20 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3700
|
6.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High)
|
CWE-346
Origin Validation Error
|
CVE-2026-9989
|
2026-06-2 03:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
