|
2061
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium…
|
CWE-200
Information Exposure
|
CVE-2026-7999
|
2026-05-7 22:39 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2062
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium se…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-8000
|
2026-05-7 22:39 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2063
|
7.7 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network navigation by default. Attackers can exploit this misconfiguration to…
|
CWE-918
CWE-1188
Server-Side Request Forgery (SSRF)
Insecure Default Initialization of Resource
|
CVE-2026-43527
|
2026-05-7 22:29 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2064
|
6.1 |
MEDIUM
Network
|
apache
|
wicket
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Wicket.
This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 t…
|
CWE-79
Cross-site Scripting
|
CVE-2026-42509
|
2026-05-7 22:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2065
|
9.1 |
CRITICAL
Network
|
apache
|
wicket
|
Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation attack in Apache Wicket.
This issue affects Apache Wicket: from 8.…
|
CWE-384
Session Fixation
|
CVE-2026-40010
|
2026-05-7 22:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2066
|
- |
|
-
|
-
|
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMED_PIPE_OPEN_REQ into a fix…
|
CWE-121
CWE-170
Stack-based Buffer Overflow
Improper Null Termination
|
CVE-2026-34464
|
2026-05-7 22:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2067
|
- |
|
-
|
-
|
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandl…
|
CWE-121
CWE-170
Stack-based Buffer Overflow
Improper Null Termination
|
CVE-2026-34462
|
2026-05-7 22:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2068
|
- |
|
-
|
-
|
Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID_SBIE_I…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-34461
|
2026-05-7 22:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2069
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
cifs: some missing initializations on replay
In several places in the code, we have a label to signify
the start of the code wher…
|
CWE-908
Use of Uninitialized Resource
|
CVE-2026-31693
|
2026-05-7 21:49 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2070
|
6.7 |
MEDIUM
Local
|
mediatek
|
mt6768_firmware
mt6789_firmware
mt6877_firmware
mt6899_firmware
mt6989_firmware
mt6991_firmware
mt6993_firmware
mt8196_firmware
mt8367_firmware
mt8766_firmware
mt8768_fi…
|
In geniezone, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privileg…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-20447
|
2026-05-7 21:43 |
2026-05-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
