|
2401
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Out of bounds read in Media in Google Chrome on Linux and ChromeOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informati…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-8535
|
2026-05-20 01:26 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2402
|
3.1 |
LOW
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation v…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-8536
|
2026-05-20 01:26 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2403
|
9.8 |
CRITICAL
Network
|
wgdashboard
|
wgdashboard
|
WGDashboard is a dashboard for WireGuard VPN. Prior to 4.3.2, there are critical vulnerabilities affecting WGDashboard that, if exploited, could allow unauthorized parties to access the host file sys…
|
CWE-20
Improper Input Validation
|
CVE-2026-44343
|
2026-05-20 01:21 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2404
|
7.6 |
HIGH
Network
|
pocketbase
|
pocketbase
|
Pocketbase is an open source web backend written in go. Prior to 0.22.42 and 0.37.4, in some situations, if an attacker knows the email address of the victim they can create and link an unverified Po…
|
CWE-287
Improper Authentication
|
CVE-2026-44166
|
2026-05-20 01:20 |
2026-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2405
|
5.4 |
MEDIUM
Network
|
google
|
chrome
|
Script injection in SanitizerAPI in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security s…
|
CWE-94
Code Injection
|
CVE-2026-8539
|
2026-05-20 01:18 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2406
|
8.8 |
HIGH
Network
|
axis
|
axis_os
|
A configuration file on the local file system had improper input validation which could allow code execution and potentially lead to privilege escalation. This vulnerability can only be exploited if …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-1185
|
2026-05-20 01:07 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2407
|
7.3 |
HIGH
Local
|
axis
|
axis_os
|
An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. This vulnerability can only be exploited if the Axi…
|
CWE-35
Path Traversal: '.../...//'
|
CVE-2026-0804
|
2026-05-20 01:06 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2408
|
7.3 |
HIGH
Local
|
axis
|
axis_os
|
An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis d…
|
CWE-1287
Improper Validation of Specified Type of Input
|
CVE-2026-0802
|
2026-05-20 01:05 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2409
|
7.3 |
HIGH
Local
|
axis
|
axis_os
|
ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited …
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-0541
|
2026-05-20 00:40 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2410
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an appli…
|
CWE-79
Cross-site Scripting
|
CVE-2026-8656
|
2026-05-20 00:38 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
