|
231
|
7.5 |
HIGH
Network
|
fastify
|
fastify
|
Impact:
Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still …
Update
|
CWE-1287
Improper Validation of Specified Type of Input
|
CVE-2026-33806
|
2026-04-18 00:49 |
2026-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
232
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-6296
|
2026-04-18 00:42 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
233
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi…
Update
|
CWE-416
Use After Free
|
CVE-2026-6297
|
2026-04-18 00:42 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
234
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secu…
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-6298
|
2026-04-18 00:41 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
235
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
Update
|
CWE-416
Use After Free
|
CVE-2026-6299
|
2026-04-18 00:41 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
236
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-416
Use After Free
|
CVE-2026-6300
|
2026-04-18 00:41 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
237
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-843
Type Confusion
|
CVE-2026-6301
|
2026-04-18 00:41 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
238
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-6306
|
2026-04-18 00:40 |
2026-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
239
|
7.5 |
HIGH
Network
|
-
|
-
|
A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-30999
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
240
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Scripting vulnerability in the Snipe-IT web-based asset management system v8.3.0 to up and including v8.3.1 allows authenticated attacker with lowest privileges sufficient only to log in, …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2025-63743
|
2026-04-18 00:38 |
2026-04-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
