|
151
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Media in Google Chrome on ChromeOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to obtain potentially sensi…
Update
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-9985
|
2026-06-2 03:20 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
152
|
6.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to bypass same origin policy via a crafted video file. (Chromium security severity: High)
Update
|
CWE-346
Origin Validation Error
|
CVE-2026-9989
|
2026-06-2 03:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
153
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Decoding a paletted BMP file with an out-of-range palette index results in a panic when accessing pixels in the invalid image.
New
|
-
|
CVE-2026-42500
|
2026-06-2 03:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
154
|
7.5 |
HIGH
Network
|
-
|
-
|
The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height and encoded s…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-46599
|
2026-06-2 03:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
155
|
- |
|
-
|
-
|
Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection, albeit heavily restricted.
More precis…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-10532
|
2026-06-2 03:16 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
156
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A segmentation violation in the gf_media_get_color_info function (/media_tools/isom_tools.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a …
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2025-60495
|
2026-06-2 03:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
157
|
- |
|
-
|
-
|
Sulu is an open-source PHP content management system based on the Symfony framework. Prior to versions 2.6.23 and 3.0.6, the password reset tokenand API key generation uses a weak cryptographical has…
New
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-45701
|
2026-06-2 03:16 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
158
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruptio…
Update
|
CWE-416
Use After Free
|
CVE-2026-9990
|
2026-06-2 03:15 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
159
|
3.1 |
LOW
Network
|
google
|
chrome
|
Inappropriate implementation in Media in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT…
Update
|
CWE-200
Information Exposure
|
CVE-2026-9991
|
2026-06-2 03:15 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
160
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Out of bounds read in WebRTC in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromi…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-9996
|
2026-06-2 03:14 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
