|
491
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in UI in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
New
|
CWE-416
Use After Free
|
CVE-2026-9951
|
2026-05-30 01:28 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
492
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
New
|
CWE-416
Use After Free
|
CVE-2026-9952
|
2026-05-30 01:27 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
493
|
5.9 |
MEDIUM
Network
|
-
|
-
|
SharpCompress is a fully managed C# library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory() allows a malicious ar…
Update
|
CWE-22
Path Traversal
|
CVE-2026-44788
|
2026-05-30 01:25 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
494
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries an…
Update
|
CWE-22
Path Traversal
|
CVE-2026-44353
|
2026-05-30 01:25 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
495
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authoriza…
New
|
CWE-601
CWE-863
Open Redirect
Incorrect Authorization
|
CVE-2026-44681
|
2026-05-30 01:25 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
496
|
7.5 |
HIGH
Network
|
-
|
-
|
MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1); for any <Rule> carrying <ElseFil…
New
|
CWE-129
CWE-476
Improper Validation of Array Index
NULL Pointer Dereference
|
CVE-2026-45104
|
2026-05-30 01:25 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
497
|
- |
|
-
|
-
|
CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as t…
New
|
CWE-250
CWE-271
CWE-426
Execution with Unnecessary Privileges
Privilege Dropping / Lowering Errors
Untrusted Search Path
|
CVE-2026-44477
|
2026-05-30 01:25 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
498
|
9.6 |
CRITICAL
Network
|
-
|
-
|
MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-45323
|
2026-05-30 01:25 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
499
|
8.3 |
HIGH
Network
|
-
|
-
|
Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and …
New
|
CWE-94
CWE-346
CWE-749
CWE-940
Code Injection
Origin Validation Error
Exposed Dangerous Method or Function
Improper Verification of Source of a Communication Channel
|
CVE-2026-44698
|
2026-05-30 01:25 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
500
|
- |
|
-
|
-
|
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies…
New
|
CWE-94
Code Injection
|
CVE-2026-41159
|
2026-05-30 01:25 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
