|
351
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in ViewTransitions in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: H…
New
|
CWE-942
Permissive Cross-domain Policy with Untrusted Domains
|
CVE-2026-8537
|
2026-05-19 10:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
352
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Integer overflow in XML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
New
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-8532
|
2026-05-19 10:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
353
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML …
New
|
CWE-416
Use After Free
|
CVE-2026-8533
|
2026-05-19 10:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
354
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform a denial of service via a craf…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-8538
|
2026-05-19 10:30 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
New
|
CWE-843
Type Confusion
|
CVE-2026-8540
|
2026-05-19 10:29 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
356
|
6.5 |
MEDIUM
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.ap…
New
|
CWE-862
Missing Authorization
|
CVE-2026-45667
|
2026-05-19 10:28 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
357
|
6.5 |
MEDIUM
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/{note_id} endpoint lacks proper authorization checks, allowin…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45666
|
2026-05-19 10:28 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
358
|
8.1 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45665
|
2026-05-19 10:28 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
359
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based …
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-8733
|
2026-05-19 06:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
360
|
4.7 |
MEDIUM
Network
|
-
|
-
|
SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redire…
New
|
CWE-601
Open Redirect
|
CVE-2025-65954
|
2026-05-19 06:16 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
