|
3331
|
5.3 |
MEDIUM
Network
|
-
|
-
|
PHP-SHOP 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to add administrative users by crafting malicious HTML forms. Attackers can trick authenticated …
|
CWE-352
Origin Validation Error
|
CVE-2018-25397
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3332
|
8.8 |
HIGH
Network
|
-
|
-
|
A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to stac…
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-10066
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3333
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in Shibby Tomato 1.28. Impacted is the function sub_90F0 of the file multimon.cgi. The manipulation results in stack-based buffer overflow. The attack can be launched rem…
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-10067
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3334
|
- |
|
-
|
-
|
QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same after authentication. This behaviour enables an attacker to fix a session ID
f…
|
CWE-384
Session Fixation
|
CVE-2026-33384
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3335
|
- |
|
-
|
-
|
QuickCMS is vulnerable to Cross-Site Scripting (XSS) through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle (MITM) attack by impersonating the…
|
CWE-79
Cross-site Scripting
|
CVE-2026-33386
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3336
|
9.9 |
CRITICAL
Network
|
-
|
-
|
Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.1 and earlier, a command injection vulnerability exists in the Docker file upload functionality. When an authenticated user uplo…
|
CWE-77
Command Injection
|
CVE-2026-45663
|
2026-05-30 01:29 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3337
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in XML in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-9947
|
2026-05-30 01:29 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3338
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Core in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
|
CWE-416
Use After Free
|
CVE-2026-9949
|
2026-05-30 01:28 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3339
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in UI in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-9951
|
2026-05-30 01:28 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3340
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-9952
|
2026-05-30 01:27 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
