|
4681
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-843
Type Confusion
|
CVE-2026-8540
|
2026-05-19 10:29 |
2026-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4682
|
6.5 |
MEDIUM
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.ap…
|
CWE-862
Missing Authorization
|
CVE-2026-45667
|
2026-05-19 10:28 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4683
|
6.5 |
MEDIUM
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/{note_id} endpoint lacks proper authorization checks, allowin…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-45666
|
2026-05-19 10:28 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4684
|
8.1 |
HIGH
Network
|
openwebui
|
open_webui
|
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due…
|
CWE-79
Cross-site Scripting
|
CVE-2026-45665
|
2026-05-19 10:28 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4685
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based …
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-8733
|
2026-05-19 06:16 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4686
|
- |
|
-
|
-
|
* Countermeasures for DPA within SYMCRYPTO
engine on SixG301xxx devices are not sufficiently random and will
eventually repeat.
* KSU keys using SYMCRYPTO will be
impacted by this vulnerability.
|
CWE-331
Insufficient Entropy
|
CVE-2025-14972
|
2026-05-19 05:27 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4687
|
8.2 |
HIGH
Network
|
-
|
-
|
A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control fu…
|
CWE-124
Buffer Underflow
|
CVE-2026-34253
|
2026-05-19 05:23 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4688
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-38728
|
2026-05-19 05:23 |
2026-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4689
|
4.6 |
MEDIUM
Network
|
-
|
-
|
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.
|
CWE-863
Incorrect Authorization
|
CVE-2026-21789
|
2026-05-19 05:23 |
2026-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4690
|
8.2 |
HIGH
Local
|
-
|
-
|
Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.
|
CWE-346
Origin Validation Error
|
CVE-2026-46728
|
2026-05-19 05:23 |
2026-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
