|
5651
|
- |
|
-
|
-
|
LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL back…
|
CWE-327
CWE-347
Use of a Broken or Risky Cryptographic Algorithm
Improper Verification of Cryptographic Signature
|
CVE-2026-44699
|
2026-05-19 04:59 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5652
|
7.5 |
HIGH
Network
|
-
|
-
|
The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends() contains two fast-path verification bugs for standard P2PKH and native P2WPKH…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-44714
|
2026-05-19 04:59 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5653
|
9.8 |
CRITICAL
Network
|
-
|
-
|
MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitiz…
|
CWE-94
Code Injection
|
CVE-2026-44717
|
2026-05-19 04:59 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5654
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.13.0, Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle…
|
CWE-22
CWE-73
Path Traversal
External Control of File Name or Path
|
CVE-2026-46383
|
2026-05-19 04:59 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5655
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds write in WebAudio in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hig…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8524
|
2026-05-19 04:43 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5656
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds write in WebRTC in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8526
|
2026-05-19 04:43 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5657
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Downloads in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severi…
|
CWE-20
Improper Input Validation
|
CVE-2026-8527
|
2026-05-19 04:42 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5658
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a …
|
CWE-20
Improper Input Validation
|
CVE-2026-8528
|
2026-05-19 04:42 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5659
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can …
|
CWE-120
Classic Buffer Overflow
|
CVE-2020-37234
|
2026-05-19 04:42 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5660
|
6.4 |
MEDIUM
Network
|
-
|
-
|
NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news additio…
|
CWE-79
Cross-site Scripting
|
CVE-2020-37236
|
2026-05-19 04:42 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
