|
571
|
7.1 |
HIGH
Network
|
steipete
|
summarize
|
Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated callers to write files to arbitrary directories by supplying an absolu…
New
|
CWE-862
Missing Authorization
|
CVE-2026-45242
|
2026-05-19 10:34 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
572
|
6.1 |
MEDIUM
Network
|
steipete
|
summarize
|
Summarize prior to 0.15.1 contains a missing authorization vulnerability in the content script window.postMessage bridge that allows malicious pages to perform unauthorized operations on automation a…
New
|
CWE-862
Missing Authorization
|
CVE-2026-45243
|
2026-05-19 10:34 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
573
|
7.4 |
HIGH
Network
|
steipete
|
summarize
|
Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic mouseover events over attacker-controlled links, causing the extensio…
New
|
CWE-918
CWE-940
Server-Side Request Forgery (SSRF)
Improper Verification of Source of a Communication Channel
|
CVE-2026-45245
|
2026-05-19 10:34 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
574
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A flaw has been found in Open5GS up to 2.7.6. This impacts the function ogs_sbi_nf_instance_set_id in the library /lib/sbi/context.c of the component NRF. Executing a manipulation of the argument nfI…
New
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8730
|
2026-05-19 10:32 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
575
|
3.1 |
LOW
Network
|
google
|
chrome
|
Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Ch…
Update
|
CWE-416
Use After Free
|
CVE-2026-8553
|
2026-05-19 10:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
576
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (C…
Update
|
CWE-416
Use After Free
|
CVE-2026-8557
|
2026-05-19 10:31 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
577
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-8558
|
2026-05-19 10:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
578
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: H…
Update
|
CWE-942
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-8537
|
2026-05-19 10:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
579
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-8532
|
2026-05-19 10:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
580
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML …
Update
|
CWE-416
Use After Free
|
CVE-2026-8533
|
2026-05-19 10:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
