7.5

CVSS3.1

CVE-2026-30996 - Directory Traversal in SAC‑NFe v2.0.02 download.php Allows Arbitrary File Read

An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET request.

πŸ“… Published: April 15, 2026, midnight πŸ”„ Last Modified: April 17, 2026, 3:38 p.m.

8.8

CVSS3.1

CVE-2026-6358 - chromium-browser: Use after free in XR

Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)

πŸ“… Published: April 15, 2026, midnight πŸ”„ Last Modified: April 17, 2026, 7:09 p.m.

8.8

CVSS3.1

CVE-2026-6307 - chromium-browser: Type Confusion in Turbofan

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

πŸ“… Published: April 15, 2026, midnight πŸ”„ Last Modified: April 17, 2026, 5:27 p.m.

8.8

CVSS3.1

CVE-2026-6360 - chromium-browser: Use after free in FileSystem

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

πŸ“… Published: April 15, 2026, midnight πŸ”„ Last Modified: April 17, 2026, 7:20 p.m.

7.5

CVSS3.1

CVE-2026-6319 - chromium-browser: Use after free in Payments

Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)

πŸ“… Published: April 15, 2026, midnight πŸ”„ Last Modified: April 17, 2026, 7:08 p.m.

8.8

CVSS3.1

CVE-2026-6300 - chromium-browser: Use after free in CSS

Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

πŸ“… Published: April 15, 2026, midnight πŸ”„ Last Modified: April 17, 2026, 3:41 p.m.

8.3

CVSS3.1

CVE-2026-6297 - chromium-browser: Use after free in Proxy

Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

πŸ“… Published: April 15, 2026, midnight πŸ”„ Last Modified: April 17, 2026, 3:42 p.m.

8.8

CVSS3.1

CVE-2026-6305 - chromium-browser: Heap buffer overflow in PDFium

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

πŸ“… Published: April 15, 2026, midnight πŸ”„ Last Modified: April 17, 2026, 5:27 p.m.

5.1

CVSS4.0

CVE-2026-40096 - immich: Open Redirect via Shared Album name

immich is a high performance self-hosted photo and video management solution. Versions prior to 2.7.3 contain an open redirect vulnerability in the shared album functionality, where the album name is inserted unsanitized into a <meta> tag in api.service.ts. A registered attacker can create a shared…

πŸ“… Published: April 14, 2026, 11:54 p.m. πŸ”„ Last Modified: April 23, 2026, 3:26 p.m.

6

CVSS3.1

CVE-2026-40091 - SpiceDB: SPICEDB_DATASTORE_CONN_URI is leaked on startup logs

SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside Da…

πŸ“… Published: April 14, 2026, 11:50 p.m. πŸ”„ Last Modified: April 23, 2026, 5:15 p.m.
Total resulsts: 346298
Page 166 of 34,630
Β« previous page Β» next page
Filters