|
421
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
Update
|
CWE-362
Race Condition
|
CVE-2026-8520
|
2026-05-19 04:17 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
422
|
7.5 |
HIGH
Adjacent
|
google
|
chrome
|
Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
Update
|
CWE-416
Use After Free
|
CVE-2026-8521
|
2026-05-19 04:16 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
423
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
Update
|
CWE-416
Use After Free
|
CVE-2026-8523
|
2026-05-19 04:14 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
424
|
10.0 |
CRITICAL
Network
|
dhtmlx
|
pdf_export_module
|
PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicio…
Update
|
CWE-78
OS Command
|
CVE-2026-41553
|
2026-05-19 03:40 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
425
|
8.7 |
HIGH
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermo…
New
|
CWE-200
Information Exposure
|
CVE-2026-6346
|
2026-05-19 03:39 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
426
|
7.6 |
HIGH
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a su…
New
|
CWE-200
Information Exposure
|
CVE-2026-6347
|
2026-05-19 03:39 |
2026-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
427
|
9.8 |
CRITICAL
Network
|
radare
|
radare2
|
radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed b…
Update
|
CWE-416
Use After Free
|
CVE-2026-8695
|
2026-05-19 03:38 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
428
|
4.3 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, a…
Update
|
CWE-672
Operation on a Resource after Expiration or Release
|
CVE-2026-4053
|
2026-05-19 03:37 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
429
|
6.5 |
MEDIUM
Network
|
mattermost
|
mattermost_server
|
Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG fi…
Update
|
CWE-754
Improper Check for Unusual or Exceptional Conditions
|
CVE-2026-4054
|
2026-05-19 03:36 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
430
|
6.5 |
MEDIUM
Network
|
open5gs
|
open5gs
|
A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument client_pool …
New
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-8731
|
2026-05-19 03:35 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
