|
131
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fbdev: of: display_timing: fix refcount leak in of_get_display_timings()
of_parse_phandle() returns a device_node with refcount i…
Update
|
NVD-CWE-Other
|
CVE-2026-43264
|
2026-05-9 05:33 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
132
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Fix RSS context delete logic
We need to free the corresponding RSS context VNIC
in FW everytime an RSS context is delete…
Update
|
CWE-415
Double Free
|
CVE-2026-43260
|
2026-05-9 05:31 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
133
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
phy: fsl-imx8mq-usb: set platform driver data
Add missing platform_set_drvdata() as the data will be used in remove().
Update
|
NVD-CWE-noinfo
|
CVE-2026-43259
|
2026-05-9 05:31 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
134
|
8.1 |
HIGH
Network
|
google
|
chrome
|
Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security…
New
|
NVD-CWE-noinfo
CWE-693
Protection Mechanism Failure
|
CVE-2026-8018
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
135
|
4.2 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted H…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-7989
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
136
|
3.1 |
LOW
Network
|
google
|
chrome
|
Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.…
New
|
NVD-CWE-noinfo
CWE-284
CWE-693
Improper Access Control
Protection Mechanism Failure
|
CVE-2026-7959
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
137
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in WebUI in Google Chrome on Linux, Mac, Windows, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site iso…
New
|
NVD-CWE-noinfo
CWE-693
Protection Mechanism Failure
|
CVE-2026-7946
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
138
|
4.4 |
MEDIUM
Local
|
google
|
chrome
|
Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: M…
New
|
NVD-CWE-noinfo
CWE-693
Protection Mechanism Failure
|
CVE-2026-7932
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
139
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Insufficient data validation in InterestGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a…
New
|
NVD-CWE-noinfo
CWE-20
Improper Input Validation
|
CVE-2026-7916
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
140
|
8.1 |
HIGH
Network
|
-
|
-
|
SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API endpoint that allows authenticated users to read arbitrary .json fi…
New
|
CWE-22
Path Traversal
|
CVE-2026-7807
|
2026-05-9 05:16 |
2026-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
