8.8
CVE-2026-4675 - chromium-browser: Heap buffer overflow in WebGL
Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-4673 - chromium-browser: Heap buffer overflow in WebAudio
Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
6.2
CVE-2026-30006 -
XnSoft NConvert 7.230 is vulnerable to Stack Buffer Overrun via a crafted .tiff file.
6.1
CVE-2025-52204 - Cross-Site Scripting in Znuny::ITSM 6.5.x Customer Interface
A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter
5.4
CVE-2024-46879 -
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the POST request data zipPath of tiki-admin_system.php in Tiki version 21.2. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unautho…
4.3
CVE-2026-4628 - Keycloak: org.keycloak.authorization: keycloak: unauthorized resource modification due to improper …
A flaw was found in Keycloak. An improper Access Control vulnerability in Keycloak's User-Managed Access (UMA) resource_set endpoint allows attackers with valid credentials to bypass the allowRemoteResourceManagement=false restriction. This occurs due to incomplete enforcement of access control che…
8.8
CVE-2026-24516 - Command Injection in DigitalOcean Droplet Agent Enables Remote Execution with Root Privileges
A command injection vulnerability exists in DigitalOcean Droplet Agent through 1.3.2. The troubleshooting actioner component (internal/troubleshooting/actioner/actioner.go) processes metadata from the metadata service endpoint and executes commands specified in the TroubleshootingAgent.Requesting a…
7.5
CVE-2026-26828 - Null Pointer Dereference in owntone-server Leads to DoS via Crafted DAAP Request
A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server commit 3d1652d allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server
6.1
CVE-2024-51226 - Stored XSS in Vehicle Record Management System Search Feature
A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Search parameter.
4.8
CVE-2024-51223 - Stored Cross-Site Scripting in Admin Profile Mobile Number Field
A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Mobile Number parameter.