|
821
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severi…
|
CWE-20
Improper Input Validation
|
CVE-2026-8527
|
2026-05-19 04:42 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
822
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a …
|
CWE-20
Improper Input Validation
|
CVE-2026-8528
|
2026-05-19 04:42 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
823
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can …
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-37234
|
2026-05-19 04:42 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
824
|
6.4 |
MEDIUM
Network
|
-
|
-
|
NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news additio…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37236
|
2026-05-19 04:42 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
825
|
8.2 |
HIGH
Network
|
-
|
-
|
EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the firstname parameter. Attackers…
|
CWE-89
SQL Injection
|
CVE-2021-47956
|
2026-05-19 04:42 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
826
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can …
|
CWE-94
Code Injection
|
CVE-2018-25320
|
2026-05-19 04:42 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
827
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Zenar Content Management System contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating form parameters in POST requests. Attac…
|
CWE-79
Cross-site Scripting
|
CVE-2018-25331
|
2026-05-19 04:42 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
828
|
6.1 |
MEDIUM
Network
|
-
|
-
|
DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side san…
|
CWE-79
Cross-site Scripting
|
CVE-2026-45231
|
2026-05-19 04:42 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
829
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in Codecs in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: Hig…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-8529
|
2026-05-19 04:41 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
830
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's …
|
CWE-295
CWE-347
Improper Certificate Validation
Improper Verification of Cryptographic Signature
|
CVE-2026-44309
|
2026-05-19 04:36 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
