|
1051
|
6.3 |
MEDIUM
Network
|
-
|
-
|
ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field con…
Update
|
CWE-94
Code Injection
|
CVE-2025-67031
|
2026-05-19 01:16 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1052
|
5.5 |
MEDIUM
Adjacent
|
google
|
chrome
|
Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: …
Update
|
CWE-284
Improper Access Control
|
CVE-2026-8586
|
2026-05-19 00:28 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1053
|
7.5 |
HIGH
Network
|
fleetdm
|
fleet
|
Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing clien…
Update
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-46356
|
2026-05-19 00:27 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1054
|
6.5 |
MEDIUM
Network
|
webpack.js
|
webpack-dev-server
|
webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix r…
Update
|
CWE-749
Exposed Dangerous Method or Function
|
CVE-2026-6402
|
2026-05-19 00:23 |
2026-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1055
|
5.3 |
MEDIUM
Network
|
-
|
-
|
### Summary
`qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not ha…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8723
|
2026-05-19 00:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1056
|
7.8 |
HIGH
Local
|
amd
|
radeon_software
cleanup_utility
|
A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
Update
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2024-36333
|
2026-05-19 00:15 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1057
|
8.8 |
HIGH
Network
|
postgresql
|
postgresql
|
Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if…
Update
|
CWE-89
CWE-121
SQL Injection
Stack-based Buffer Overflow
|
CVE-2026-6637
|
2026-05-19 00:05 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1058
|
4.3 |
MEDIUM
Network
|
postgresql
|
postgresql
|
Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintain…
Update
|
CWE-126
Buffer Over-read
|
CVE-2026-6575
|
2026-05-19 00:04 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1059
|
7.5 |
HIGH
Network
|
postgresql
|
postgresql
|
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disable…
Update
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-6479
|
2026-05-19 00:04 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1060
|
6.5 |
MEDIUM
Network
|
postgresql
|
postgresql
|
Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 …
Update
|
CWE-385
Covert Timing Channel
|
CVE-2026-6478
|
2026-05-19 00:03 |
2026-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
