|
2601
|
8.1 |
HIGH
Network
|
google
|
chrome
|
Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security…
|
NVD-CWE-noinfo
CWE-693
Protection Mechanism Failure
|
CVE-2026-8018
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2602
|
4.2 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted H…
|
CWE-20
Improper Input Validation
|
CVE-2026-7989
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2603
|
3.1 |
LOW
Network
|
google
|
chrome
|
Inappropriate implementation in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.…
|
NVD-CWE-noinfo
CWE-284
CWE-693
Improper Access Control
Protection Mechanism Failure
|
CVE-2026-7959
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2604
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in WebUI in Google Chrome on Linux, Mac, Windows, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site iso…
|
NVD-CWE-noinfo
CWE-693
Protection Mechanism Failure
|
CVE-2026-7946
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2605
|
4.4 |
MEDIUM
Local
|
google
|
chrome
|
Insufficient policy enforcement in Downloads in Google Chrome prior to 148.0.7778.96 allowed a local attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: M…
|
NVD-CWE-noinfo
CWE-693
Protection Mechanism Failure
|
CVE-2026-7932
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2606
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Insufficient data validation in InterestGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a…
|
NVD-CWE-noinfo
CWE-20
Improper Input Validation
|
CVE-2026-7916
|
2026-05-9 05:16 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2607
|
5.5 |
MEDIUM
Local
|
osgeo
|
gdal
|
A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This…
|
CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Read
|
CVE-2026-8084
|
2026-05-9 05:11 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2608
|
5.5 |
MEDIUM
Local
|
osgeo
|
gdal
|
A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bo…
|
CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error')
Out-of-bounds Read
|
CVE-2026-8088
|
2026-05-9 05:11 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2609
|
6.5 |
MEDIUM
Network
|
traccar
|
traccar
|
Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to C…
|
CWE-1236
Improper Neutralization of Formula Elements in a CSV File
|
CVE-2026-27644
|
2026-05-9 05:04 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2610
|
5.4 |
MEDIUM
Network
|
traccar
|
traccar
|
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper …
|
CWE-91
Blind XPath Injection
|
CVE-2026-27693
|
2026-05-9 05:04 |
2026-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
