|
491
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium securi…
New
|
CWE-346
Origin Validation Error
|
CVE-2026-13021
|
2026-06-26 11:19 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
492
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page.…
New
|
NVD-CWE-noinfo
|
CVE-2026-13022
|
2026-06-26 11:18 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
493
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory vi…
New
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-13023
|
2026-06-26 11:17 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
494
|
8.0 |
HIGH
Network
|
-
|
-
|
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Res…
New
|
CWE-346
Origin Validation Error
|
CVE-2026-54030
|
2026-06-26 11:16 |
2026-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
495
|
4.2 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a cra…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-13024
|
2026-06-26 11:12 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
496
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-13025
|
2026-06-26 11:12 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
497
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security seve…
New
|
CWE-416
Use After Free
|
CVE-2026-13026
|
2026-06-26 11:12 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
498
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
New
|
CWE-416
Use After Free
|
CVE-2026-13027
|
2026-06-26 11:11 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
499
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Cri…
New
|
CWE-416
Use After Free
|
CVE-2026-13028
|
2026-06-26 11:11 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
500
|
6.5 |
MEDIUM
Network
|
openexr
|
openexr
|
OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K (High-Throughput JPEG 2000)…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-45696
|
2026-06-26 11:08 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
