|
3721
|
7.5 |
HIGH
Network
|
apache
|
ofbiz
|
Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-31910
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3722
|
9.1 |
CRITICAL
Network
|
apache
|
ofbiz
|
Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
|
CWE-321
Use of Hard-coded Cryptographic Key
|
CVE-2026-31986
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3723
|
6.5 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Control of Generation of Code ('Code Injection') vulnerability in email services of Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to vers…
|
CWE-94
Code Injection
|
CVE-2026-35086
|
2026-05-20 01:36 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3724
|
9.1 |
CRITICAL
Network
|
apache
|
ofbiz
|
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrad…
|
CWE-90
LDAP Injection
|
CVE-2026-41919
|
2026-05-20 01:35 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3725
|
6.5 |
MEDIUM
Network
|
apache
|
ofbiz
|
Improper Authorization vulnerability in Apache OFBiz Webtools.
This issue affects Apache OFBiz: before 24.09.06.
Users are recommended to upgrade to version 24.09.06, which fixes the issue.
|
CWE-285
Improper Authorization
|
CVE-2026-45187
|
2026-05-20 01:35 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3726
|
9.1 |
CRITICAL
Network
|
freedesktop
|
gst-plugins-good
|
An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before per…
|
CWE-369
Divide By Zero
|
CVE-2026-46470
|
2026-05-20 01:34 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3727
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via…
|
CWE-862
Missing Authorization
|
CVE-2026-8547
|
2026-05-20 01:33 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3728
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Out of bounds read in GPU in Google Chrome on Mac and Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information fr…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-8546
|
2026-05-20 01:33 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3729
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Out of bounds read in FileSystem in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive infor…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-8543
|
2026-05-20 01:33 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3730
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
|
CWE-416
Use After Free
|
CVE-2026-8542
|
2026-05-20 01:32 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
