|
2051
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-5875
|
2026-04-14 02:55 |
2026-04-9 |
|
2052
|
7.5 |
HIGH
Network
|
roundcube
|
webmail
|
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated atta…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-35537
|
2026-04-14 02:54 |
2026-04-3 |
|
2053
|
7.5 |
HIGH
Network
|
apple
|
swift-crypto
|
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime …
|
CWE-125
Out-of-bounds Read
|
CVE-2026-28815
|
2026-04-14 02:50 |
2026-04-3 |
|
2054
|
7.5 |
HIGH
Network
|
nimiq
|
core-rs-albatross
|
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, the discovery handler accepts a peer-controll…
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2026-33184
|
2026-04-14 02:47 |
2026-04-4 |
|
2055
|
5.9 |
MEDIUM
Network
|
jupyter
|
lti_jupyterhub_authenticator
|
LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are…
|
CWE-401, CWE-770
Missing Release of Memory after Effective Lifetime; Allocation of Resources Without Limits or Throttling
|
CVE-2026-34052
|
2026-04-14 02:44 |
2026-04-4 |
|
2056
|
6.5 |
MEDIUM
Network
|
nimiq
|
core-rs-albatross
|
nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an ele…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2026-34061
|
2026-04-14 02:41 |
2026-04-4 |
|
2057
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-1300
Improper Protection of Physical Side Channels
|
CVE-2026-5876
|
2026-04-14 02:40 |
2026-04-9 |
|
2058
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chrom…
|
CWE-20
Improper Input Validation
|
CVE-2026-5879
|
2026-04-14 02:40 |
2026-04-9 |
|
2059
|
6.5 |
MEDIUM
Network
|
djangoproject
|
django
|
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-T…
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-33033
|
2026-04-14 02:39 |
2026-04-8 |
|
2060
|
7.5 |
HIGH
Network
|
djangoproject
|
django
|
An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated `Content-Length` header could bypass the `DATA_UPLOAD_MAX_MEMORY_SI…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-33034
|
2026-04-14 02:38 |
2026-04-8 |