|
651
|
4.8 |
MEDIUM
Network
|
nozominetworks
|
cmc
guardian
|
A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges ca…
|
CWE-79
Cross-site Scripting
|
CVE-2025-40901
|
2026-05-20 02:47 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
652
|
9.8 |
CRITICAL
Network
|
h2o
|
h2o
|
A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a…
|
CWE-20
CWE-502
Improper Input Validation
Deserialization of Untrusted Data
|
CVE-2026-8751
|
2026-05-20 02:46 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
653
|
4.8 |
MEDIUM
Network
|
nozominetworks
|
cmc
guardian
|
A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a mal…
|
CWE-79
Cross-site Scripting
|
CVE-2025-40902
|
2026-05-20 02:44 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
654
|
4.8 |
MEDIUM
Network
|
nozominetworks
|
cmc
guardian
|
A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileg…
|
CWE-79
Cross-site Scripting
|
CVE-2025-40903
|
2026-05-20 02:44 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
655
|
5.3 |
MEDIUM
Network
|
h2o
|
h2o
|
A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the compon…
|
CWE-266
CWE-284
NVD-CWE-noinfo
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-8752
|
2026-05-20 02:44 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
656
|
5.4 |
MEDIUM
Network
|
nozominetworks
|
cmc
guardian
|
A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malici…
|
CWE-79
Cross-site Scripting
|
CVE-2025-40904
|
2026-05-20 02:41 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
657
|
4.8 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit…
|
CWE-79
Cross-site Scripting
|
CVE-2026-3495
|
2026-05-20 02:37 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
658
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check the create_post channel permission during post edit operations which allows an authenticated attacker with re…
|
CWE-862
Missing Authorization
|
CVE-2026-3637
|
2026-05-20 02:34 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
659
|
3.3 |
LOW
Local
|
continue
|
continue
|
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulat…
|
CWE-22
Path Traversal
|
CVE-2026-8770
|
2026-05-20 02:30 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
660
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted …
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-8510
|
2026-05-20 02:29 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
