|
121
|
8.8 |
HIGH
Network
|
-
|
-
|
Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
New
|
CWE-843
Type Confusion
|
CVE-2026-7337
|
2026-04-29 23:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
122
|
8.8 |
HIGH
Network
|
-
|
-
|
Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
New
|
CWE-416
Use After Free
|
CVE-2026-7335
|
2026-04-29 23:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
123
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
New
|
CWE-416
Use After Free
|
CVE-2026-7333
|
2026-04-29 23:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
124
|
7.7 |
HIGH
Network
|
-
|
-
|
Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure direct object reference.. When…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-41649
|
2026-04-29 23:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
125
|
7.5 |
HIGH
Network
|
-
|
-
|
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence.
Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both hea…
New
|
CWE-444
HTTP Request Smuggling
|
CVE-2026-40560
|
2026-04-29 23:16 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
126
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerabi…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34003
|
2026-04-29 23:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
127
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to…
Update
|
CWE-825
Expired Pointer Dereference
|
CVE-2026-34001
|
2026-04-29 23:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
128
|
7.8 |
HIGH
Local
|
-
|
-
|
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger …
Update
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-33999
|
2026-04-29 23:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
129
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY
filemap_fault() may drop the mmap_lock before returning VM_FAULT_R…
Update
|
CWE-416
Use After Free
|
CVE-2026-31597
|
2026-04-29 23:15 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
130
|
5.3 |
MEDIUM
Adjacent
|
opentelemetry
|
opentelemetry
|
OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry over gRPC using the OpenTelemetry Protocol (OTLP), the exporter may parse a server-provide…
Update
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-40891
|
2026-04-29 23:15 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
