|
1881
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Server-Side Request Forgery (SSRF) vulnerability in Global Payments GlobalPayments WooCommerce global-payments-woocommerce allows Server Side Request Forgery.This issue affects GlobalPayments WooComm…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-39645
|
2026-04-14 06:16 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1882
|
4.0 |
MEDIUM
Local
|
google
|
android
|
In importWrappedKey of KMKeymasterApplet.java, there is a possible way access keys that should be restricted due to improper input validation. This could lead to local information disclosure with no …
|
NVD-CWE-noinfo
|
CVE-2025-48651
|
2026-04-14 06:16 |
2026-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1883
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low)
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-5900
|
2026-04-14 06:14 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1884
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions fo…
|
CWE-602
Client-Side Enforcement of Server-Side Security
|
CVE-2026-5901
|
2026-04-14 06:14 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1885
|
9.8 |
CRITICAL
Network
|
google
|
chrome
|
Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium…
|
CWE-362
Race Condition
|
CVE-2026-5902
|
2026-04-14 06:14 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1886
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-5903
|
2026-04-14 06:14 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1887
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Exte…
|
CWE-416
Use After Free
|
CVE-2026-5904
|
2026-04-14 06:13 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1888
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session histor…
|
CWE-863
Incorrect Authorization
|
CVE-2026-35657
|
2026-04-14 06:08 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1889
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.22 contains an authentication bypass vulnerability in the X-Forwarded-For header processing when trustedProxies is configured, allowing attackers to spoof loopback hops. Remote…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-35656
|
2026-04-14 06:07 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1890
|
5.7 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.22 contains an identity spoofing vulnerability in ACP permission resolution that trusts conflicting tool identity hints from rawInput and metadata. Attackers can spoof tool ide…
|
CWE-807
Reliance on Untrusted Inputs in a Security Decision
|
CVE-2026-35655
|
2026-04-14 06:07 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
