|
1871
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-5898
|
2026-04-14 06:17 |
2026-04-9 |
|
1872
|
6.1 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scri…
|
CWE-346
Origin Validation Error
|
CVE-2026-5899
|
2026-04-14 06:16 |
2026-04-9 |
|
1873
|
5.3 |
MEDIUM
Local
|
-
|
-
|
A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulati…
|
CWE-74 CWE-77
Injection Command Injection
|
CVE-2026-6219
|
2026-04-14 06:16 |
2026-04-14 |
|
1874
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site s…
|
CWE-79 CWE-94
Cross-site Scripting Code Injection
|
CVE-2026-6218
|
2026-04-14 06:16 |
2026-04-14 |
|
1875
|
3.5 |
LOW
Network
|
-
|
-
|
A security vulnerability has been detected in DbGate up to 7.1.4. This affects an unknown function of the file packages/web/src/icons/FontIcon.svelte of the component SVG Icon String Handler. Such ma…
|
CWE-79 CWE-94
Cross-site Scripting Code Injection
|
CVE-2026-6216
|
2026-04-14 06:16 |
2026-04-14 |
|
1876
|
8.8 |
HIGH
Network
|
-
|
-
|
A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulation of the argument mit_ssid can lead to…
|
CWE-119 CWE-121
Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow
|
CVE-2026-6197
|
2026-04-14 06:16 |
2026-04-14 |
|
1877
|
7.2 |
HIGH
Network
|
-
|
-
|
Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.17.3, the /api/templates/fetch endpoint accepts a caller-supplied url parameter and performs a server-…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-40242
|
2026-04-14 06:16 |
2026-04-11 |
|
1878
|
- |
|
-
|
-
|
Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip() method in ApicurioCodegenWrapper.java extracts…
|
CWE-22
Path Traversal
|
CVE-2026-40180
|
2026-04-14 06:16 |
2026-04-11 |
|
1879
|
7.1 |
HIGH
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in Dotstore Extra Fees Plugin for WooCommerce woo-conditional-product-fees-for-checkout allows Cross Site Request Forgery. This issue affects Extra Fees…
|
CWE-352
Origin Validation Error
|
CVE-2026-39671
|
2026-04-14 06:16 |
2026-04-8 |
|
1880
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Server-Side Request Forgery (SSRF) vulnerability in sonaar MP3 Audio Player for Music, Radio & Podcast by Sonaar mp3-music-player-by-sonaar allows Server Side Request Forgery. This issue affects MP3 A…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-39647
|
2026-04-14 06:16 |
2026-04-8 |