|
3081
|
7.5 |
HIGH
Network
|
-
|
-
|
Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers t…
|
CWE-22
Path Traversal
|
CVE-2022-50992
|
2026-05-1 02:19 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3082
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicio…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2022-50993
|
2026-05-1 02:19 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3083
|
8.8 |
HIGH
Network
|
-
|
-
|
A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF…
|
CWE-352
Origin Validation Error
|
CVE-2026-36960
|
2026-05-1 02:16 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3084
|
7.5 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.28 accepts unbounded concurrent unauthenticated WebSocket upgrades without pre-authentication budget allocation. Unauthenticated network attackers can exhaust socket and worker…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-41399
|
2026-05-1 01:57 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3085
|
4.6 |
MEDIUM
Adjacent
|
openclaw
|
openclaw
|
OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.r…
|
CWE-346
Origin Validation Error
|
CVE-2026-41398
|
2026-05-1 01:56 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3086
|
7.5 |
HIGH
Adjacent
|
google
|
chrome
|
Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium se…
|
CWE-416
Use After Free
|
CVE-2026-7349
|
2026-05-1 01:40 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3087
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. …
|
CWE-416
Use After Free
|
CVE-2026-7350
|
2026-05-1 01:40 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3088
|
3.1 |
LOW
Network
|
google
|
chrome
|
Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium se…
|
CWE-362
Race Condition
|
CVE-2026-7351
|
2026-05-1 01:40 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3089
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…
|
CWE-416
Use After Free
|
CVE-2026-7352
|
2026-05-1 01:40 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3090
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-7353
|
2026-05-1 01:39 |
2026-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
