|
3911
|
8.1 |
HIGH
Network
|
google
|
chrome
|
Out of bounds read in Codecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium security…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-7981
|
2026-05-7 23:38 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3912
|
9.1 |
CRITICAL
Network
|
x.org
redhat
|
x_server
enterprise_linux
|
A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an at…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-34000
|
2026-05-7 23:35 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3913
|
6.5 |
MEDIUM
Network
|
djangoproject
|
django
|
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.
Response headers do not vary on cookies if a session is not modified, but `SESSION_SAVE_EVERY_REQUEST` is `True`. A remote attacker …
|
CWE-539
Use of Persistent Cookies Containing Sensitive Information
|
CVE-2026-35192
|
2026-05-7 23:20 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3914
|
5.3 |
MEDIUM
Network
|
djangoproject
|
django
|
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.
ASGI requests with a missing or understated `Content-Length` header can bypass the `FILE_UPLOAD_MAX_MEMORY_SIZE` limit, potentially …
|
CWE-130
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-5766
|
2026-05-7 23:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3915
|
5.3 |
MEDIUM
Network
|
djangoproject
|
django
|
An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.
`django.middleware.cache.UpdateCacheMiddleware` erroneously caches requests where the `Vary` header contained an asterisk (`'*'`). T…
|
CWE-524
Use of Cache Containing Sensitive Information
|
CVE-2026-6907
|
2026-05-7 23:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3916
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was detected in PicoTronica e-Clinic Healthcare System ECHS 5.7. The affected element is an unknown function of the file /cdemos/echs/api/v2/patient-records of the component API Endpo…
|
CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function
|
CVE-2026-8031
|
2026-05-7 23:08 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3917
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. The impacted element is an unknown function of the file /cdemos/echs/priv/echs.js. This manipulation of the argument ADMIN_KE…
|
CWE-259
CWE-798
Use of Hard-coded Password
Use of Hard-coded Credentials
|
CVE-2026-8032
|
2026-05-7 23:08 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3918
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in PicoTronica e-Clinic Healthcare System ECHS 5.7. This affects an unknown function of the file /cdemos/echs/api/v2/ of the component Response Header Handler. Such man…
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2026-8033
|
2026-05-7 23:08 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3919
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Cross-Site Request Forgery (CSRF) vulnerability in PluginUs.Net BEAR allows Cross Site Request Forgery.
This issue affects BEAR: from n/a through 1.1.5.
|
CWE-352
Origin Validation Error
|
CVE-2026-27415
|
2026-05-7 23:08 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3920
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v…
|
CWE-416
Use After Free
|
CVE-2026-8001
|
2026-05-7 23:05 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
