CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-31984 - HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header

CVE ID: CVE-2025-31984
Published: May 6, 2026, 3:16 p.m. | 49 minutes ago
Description: HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, potentially causing malicious content to be interpreted and executed incorrectly.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52613 - HCL BigFix Service Management (SM) is affected by use of a vulnerable component

CVE ID: CVE-2025-52613
Published: May 6, 2026, 3:16 p.m. | 49 minutes ago
Description: HCL BigFix Service Management (SM) is affected by use of a vulnerable component: a vulnerable WSGI server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access.
Severity: 4.6 | MEDIUM
CVE-2026-41287 - Stack-based Buffer Overflow in WatchGuard Agent Discovery Service on Windows Causes Denial of Service - Variant A

CVE ID: CVE-2026-41287
Published: May 6, 2026, 3:16 p.m. | 49 minutes ago
Description: Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulnerability to crash the agent service.
Severity: 7.1 | HIGH
CVE-2026-8027 - FlowiseAI Flowise User Controller authorization

CVE ID: CVE-2026-8027
Published: May 6, 2026, 3:16 p.m. | 49 minutes ago
Description: A weakness has been identified in FlowiseAI Flowise up to 3.0.12. Affected by this vulnerability is an unknown functionality of the component User Controller Handler. This manipulation of the argument userId/organizationId/workspaceId/email causes authorization bypass. The attack may be initiated remotely. The affected component should be upgraded.
Severity: 5.3 | MEDIUM
CVE-2026-8028 - FlowiseAI Flowise Endpoint account.service.ts verify information disclosure

CVE ID: CVE-2026-8028
Published: May 6, 2026, 3:16 p.m. | 49 minutes ago
Description: A vulnerability was detected in FlowiseAI Flowise up to 3.0.12. This affects the function verify of the file packages/server/src/enterprise/services/account.service.ts of the component Endpoint. Performing a manipulation results in information disclosure. Remote exploitation of the attack is possible. The attack is considered to have high complexity. It is indicated that the exploitability is difficult. The exploit is now public and may be used. Upgrading the affected component is recommended.
Severity: 3.7 | LOW
CVE-2026-7999 - Google Chrome V8 Memory Disclosure Vulnerability

CVE ID: CVE-2026-7999
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-8000 - Google Chrome HTML Injection Vulnerability

CVE ID: CVE-2026-8000
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-8001 - Google Chrome Use After Free Vulnerability (Sandbox Escape)

CVE ID: CVE-2026-8001
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-8002 - Google Chrome Use After Free in Audio on Mac

CVE ID: CVE-2026-8002
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Use after free in Audio in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-8003 - Google Chrome TabGroups UI Spoofing Vulnerability

CVE ID: CVE-2026-8003
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-8004 - Google Chrome DevTools Cross-Origin Policy Enforcement Bypass

CVE ID: CVE-2026-8004
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-8005 - Google Chrome Cast Same-Origin Policy Bypass

CVE ID: CVE-2026-8005
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin policy via malicious network traffic. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-8006 - Google Chrome DevTools UI Spoofing Vulnerability

CVE ID: CVE-2026-8006
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-8007 - Google Chrome HTML Injection Vulnerability

CVE ID: CVE-2026-8007
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-8008 - Google Chrome DevTools UI Spoofing Vulnerability

CVE ID: CVE-2026-8008
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-8009 - Google Chrome Cast Navigation Bypass Vulnerability

CVE ID: CVE-2026-8009
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Inappropriate implementation in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-8010 - Google Chrome SiteIsolation Input Validation Bypass

CVE ID: CVE-2026-8010
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-8011 - Google Chrome Cross-Origin Data Leakage

CVE ID: CVE-2026-8011
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Insufficient policy enforcement in Search in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-8012 - Google Chrome MHTML UXSS Vulnerability

CVE ID: CVE-2026-8012
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-8013 - Google Chrome FedCM Input Validation Cross-Origin Data Leakage

CVE ID: CVE-2026-8013
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Insufficient validation of untrusted input in FedCM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA
CVE-2026-8014 - Google Chrome Preload Cross-Origin Data Leak Vulnerability

CVE ID: CVE-2026-8014
Published: May 6, 2026, 7:16 p.m. | 49 minutes ago
Description: Inappropriate implementation in Preload in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Severity: 0.0 | NA