|
2111
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi…
|
CWE-787 CWE-125
Out-of-bounds Write; Out-of-bounds Read
|
CVE-2026-7902
|
2026-05-10 23:16 |
2026-05-7 |
|
2112
|
9.1 |
CRITICAL
Network
|
apache
|
cloudstack
|
Instances deployed via the Proxmox extension allow unauthorized access to instances belonging to other tenants.
This issue affects Apache CloudStack: from 4.21.0.0 through 4.22.0.0.
The Proxm…
|
CWE-200
Information Exposure
|
CVE-2026-25199
|
2026-05-9 16:16 |
2026-05-8 |
|
2113
|
5.3 |
MEDIUM
Network
|
apache
|
cloudstack
|
Due to multiple time-of-check time-of-use race conditions in the resource count check and increment logic, as well as missing validations, users of the platform are able to exceed the allocation limi…
|
CWE-367 CWE-770
Time-of-check Time-of-use (TOCTOU) Race Condition; Allocation of Resources Without Limits or Throttling
|
CVE-2025-69233
|
2026-05-9 16:16 |
2026-05-8 |
|
2114
|
7.5 |
HIGH
Local
|
-
|
-
|
An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine st…
|
CWE-674
Uncontrolled Recursion
|
CVE-2026-44028
|
2026-05-9 13:16 |
2026-05-5 |
|
2115
|
8.8 |
HIGH
Network
|
apache
|
nifi
|
The optional extension component TinkerpopClientService is missing the Restricted annotation with the Execute Code Required Permission in Apache NiFi 2.0.0-M1 through 2.8.0. The TinkerpopClientServic…
|
CWE-862
Missing Authorization
|
CVE-2026-39816
|
2026-05-9 11:16 |
2026-05-8 |
|
2116
|
- |
|
-
|
-
|
UltraDAG is a minimal DAG-BFT blockchain in Rust. Prior to commit fb6ef59, the UltraDAG StateEngine implementation of SmartTransferTx contains a critical logic flaw in its policy enforcement pipeline…
|
CWE-284 CWE-639
Improper Access Control; Authorization Bypass Through User-Controlled Key
|
CVE-2026-42278
|
2026-05-9 09:16 |
2026-05-8 |
|
2117
|
8.1 |
HIGH
Network
|
praison
|
praisonai, praisonaiagents
|
PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.9 and praisonaiagents version 1.6.9, the fix for CVE-2026-40315 added input validation to SQLiteConversationStore only. Nine si…
|
CWE-89
SQL Injection
|
CVE-2026-41496
|
2026-05-9 09:16 |
2026-05-8 |
|
2118
|
9.8 |
CRITICAL
Network
|
gitpython_project
|
gitpython
|
GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)…
|
CWE-88
Argument Injection
|
CVE-2026-42284
|
2026-05-9 08:16 |
2026-05-8 |
|
2119
|
- |
|
-
|
-
|
Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check th…
|
CWE-601
Open Redirect
|
CVE-2026-42259
|
2026-05-9 08:16 |
2026-05-8 |
|
2120
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered.
|
CWE-94
Code Injection
|
CVE-2026-36458
|
2026-05-9 08:16 |
2026-05-8 |