|
1421
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in WebUI in Google Chrome on Linux, Mac, Windows, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site iso…
|
NVD-CWE-noinfo
CWE-693
Protection Mechanism Failure
|
CVE-2026-7946
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1422
|
4.4 |
MEDIUM
Local
|
google
|
chrome
|
Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: M…
|
NVD-CWE-noinfo
CWE-693
Protection Mechanism Failure
|
CVE-2026-7932
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1423
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Insufficient data validation in InterestGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a…
|
NVD-CWE-noinfo
CWE-20
Improper Input Validation
|
CVE-2026-7916
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1424
|
8.1 |
HIGH
Network
|
-
|
-
|
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json fi…
|
CWE-22
Path Traversal
|
CVE-2026-7807
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1425
|
- |
|
-
|
-
|
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. From version 2.18.7 to before version 2.50.2, there is an authenticated server-side …
|
CWE-367
CWE-918
Time-of-check Time-of-use (TOCTOU) Race Condition
Server-Side Request Forgery (SSRF)
|
CVE-2026-44694
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1426
|
4.3 |
MEDIUM
Network
|
-
|
-
|
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.13, when n8n-mcp runs in HTTP transport mode, authenticated MC…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-42282
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1427
|
5.3 |
MEDIUM
Network
|
-
|
-
|
RedwoodSDK is a server-first React framework. From version 1.0.0-beta.50 to before version 1.2.3, server actions in rwsdk apply HTTP method enforcement but no origin validation. A request originating…
|
CWE-352
Origin Validation Error
|
CVE-2026-42190
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1428
|
5.5 |
MEDIUM
Network
|
-
|
-
|
People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted in…
|
CWE-269
Improper Privilege Management
|
CVE-2026-42185
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1429
|
5.3 |
MEDIUM
Network
|
-
|
-
|
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming request…
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-41495
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1430
|
8.8 |
HIGH
Network
|
-
|
-
|
A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege es…
|
CWE-61
UNIX Symbolic Link (Symlink) Following
|
CVE-2026-29203
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
