|
501
|
8.1 |
HIGH
Network
|
google
|
chrome
|
Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Hi…
Update
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2026-7346
|
2026-05-1 03:28 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
502
|
8.1 |
HIGH
Network
|
google
|
chrome
|
Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High)
Update
|
CWE-416
Use After Free
|
CVE-2026-7347
|
2026-05-1 03:27 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
503
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-416
Use After Free
|
CVE-2026-7348
|
2026-05-1 03:27 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
504
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-7339
|
2026-05-1 03:26 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
505
|
8.8 |
HIGH
Network
|
tenda
|
hg3_firmware
|
A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to co…
Update
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-7160
|
2026-05-1 03:23 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
506
|
8.8 |
HIGH
Network
|
tenda
|
hg3_firmware
|
A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer ov…
Update
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-7151
|
2026-05-1 03:22 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
507
|
8.8 |
HIGH
Network
|
tenda
|
hg3_firmware
|
A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injec…
Update
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7119
|
2026-05-1 03:22 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
508
|
6.1 |
MEDIUM
Adjacent
|
-
|
-
|
A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-sco…
New
|
CWE-312
Cleartext Storage of Sensitive Information
|
CVE-2026-7163
|
2026-05-1 03:16 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
509
|
6.5 |
MEDIUM
Adjacent
|
-
|
-
|
A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An att…
Update
|
CWE-843
Type Confusion
|
CVE-2026-6732
|
2026-05-1 03:16 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
510
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Improper
access control in the vault documentation feature in Devolutions
Server allows an authenticated attacker to read documentation content
from unauthorized vaults via a crafted API request.
…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-6706
|
2026-05-1 03:16 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
