Security Vulnerabilities
Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access.
CVSS Score
7.1
EPSS Score
0.002
Published
2026-04-29
Starman versions before 0.4018 for Perl allows HTTP Request Smuggling via Improper Header Precedence.
Starman incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence.
An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.
CVSS Score
7.5
EPSS Score
0.005
Published
2026-04-29
Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVSS Score
8.8
EPSS Score
0.003
Published
2026-04-28
Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.003
Published
2026-04-28
Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
7.5
EPSS Score
0.002
Published
2026-04-28
Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.003
Published
2026-04-28
Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.003
Published
2026-04-28
Insufficient validation of untrusted input. in Compositing in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)
CVSS Score
3.1
EPSS Score
0.002
Published
2026-04-28
Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
CVSS Score
8.8
EPSS Score
0.003
Published
2026-04-28
Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
CVSS Score
8.8
EPSS Score
0.003
Published
2026-04-28