4.8
CVE-2024-51222 - Stored CrossβSite Scripting in Vehicle Record Management System via Profile Component
A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter.
5.4
CVE-2024-46878 -
A Cross-Site Scripting (XSS) vulnerability exists in the page parameter of tiki-editpage.php in Tiki version 26.3 and earlier. This vulnerability allows attackers to execute arbitrary JavaScript code via a crafted payload, leading to potential access to sensitive information or unauthorized actions.
6.2
CVE-2026-30007 -
XnSoft NConvert 7.230 is vulnerable to Use-After-Free via a crafted .tiff file
7.5
CVE-2026-26829 - Denial of Service via Null Pointer Dereference in Owntone-server HTTP Handler
A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service (DoS) via sending a series of crafted HTTP requests to the server.
4.8
CVE-2024-51224 - CrossβSite Scripting in Vehicle Record Management System v1.0
Multiple cross-site scripting (XSS) vulnerabilities in the component /admin/edit-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the vehiclename, modelnumber, regnumber, vehiclesubtype, chβ¦
4.8
CVE-2024-51225 - Stored XSS in Phpgurukul Vehicle Record Management System v1.0
A stored cross-site scripting (XSS) vulnerability in the component /admin/add-brand.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the brandname parameter.
8.8
CVE-2026-4680 - chromium-browser: Use after free in FedCM
Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-4679 - chromium-browser: Integer overflow in Fonts
Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-4678 - chromium-browser: Use after free in WebGPU
Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
8.8
CVE-2026-4676 - chromium-browser: Use after free in Dawn
Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)