|
2041
|
8.1 |
HIGH
Network
|
fka
|
prompts.chat
|
prompts.chat prior to commit 1464475 contains an identity confusion vulnerability due to inconsistent case-sensitive and case-insensitive handling of usernames across write and read paths, allowing a…
|
CWE-178
Improper Handling of Case Sensitivity
|
CVE-2026-22665
|
2026-04-14 03:10 |
2026-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2042
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-5868
|
2026-04-14 03:10 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2043
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-472
CWE-190
External Control of Assumed-Immutable Web Parameter
Integer Overflow or Wraparound
|
CVE-2026-5870
|
2026-04-14 03:08 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2044
|
5.3 |
MEDIUM
Network
|
zulip
|
zulip
|
Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access (enable…
|
CWE-862
Missing Authorization
|
CVE-2026-25742
|
2026-04-14 03:07 |
2026-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2045
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-5872
|
2026-04-14 03:06 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2046
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2026-5873
|
2026-04-14 03:06 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2047
|
9.0 |
CRITICAL
Network
|
ci4-cms-erp
|
ci4ms
|
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to prope…
|
CWE-79
Cross-site Scripting
|
CVE-2026-34559
|
2026-04-14 03:02 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2048
|
9.0 |
CRITICAL
Network
|
ci4-cms-erp
|
ci4ms
|
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-c…
|
CWE-79
Cross-site Scripting
|
CVE-2026-34560
|
2026-04-14 03:00 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2049
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a craf…
|
CWE-416
Use After Free
|
CVE-2026-5874
|
2026-04-14 02:57 |
2026-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2050
|
8.4 |
HIGH
Network
|
ci4-cms-erp
|
ci4ms
|
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to prope…
|
CWE-79
Cross-site Scripting
|
CVE-2026-34561
|
2026-04-14 02:56 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
