|
1521
|
7.8 |
HIGH
Local
|
google
|
chrome
|
Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:…
|
CWE-416
Use After Free
|
CVE-2026-13037
|
2026-06-26 00:13 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1522
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
|
CWE-416
Use After Free
|
CVE-2026-13038
|
2026-06-26 00:12 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1523
|
6.1 |
MEDIUM
Network
|
cacti
|
cacti
|
Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has been fixed in version 1.2.3…
|
CWE-79
Cross-site Scripting
|
CVE-2026-39897
|
2026-06-26 00:04 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1524
|
6.1 |
MEDIUM
Network
|
cacti
|
cacti
|
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php JavaScript context. This issue …
|
CWE-79
Cross-site Scripting
|
CVE-2026-39900
|
2026-06-26 00:00 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1525
|
9.8 |
CRITICAL
Network
|
ni
|
instrumentstudio
ni_grpc_device_server
|
There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary memory dereference, potentially resulting in remo…
|
CWE-822
Untrusted Pointer Dereference
|
CVE-2026-48137
|
2026-06-25 23:43 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1526
|
7.5 |
HIGH
Network
|
ni
|
instrumentstudio
ni_grpc_device_server
|
There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to …
|
CWE-125
Out-of-bounds Read
|
CVE-2026-48138
|
2026-06-25 23:42 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1527
|
7.5 |
HIGH
Network
|
ni
|
instrumentstudio
ni_grpc_device_server
|
There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successful exploitation…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-48139
|
2026-06-25 23:42 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1528
|
6.5 |
MEDIUM
Network
|
ni
|
instrumentstudio
ni_grpc_device_server
|
There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial…
|
CWE-704
Incorrect Type Conversion or Cast
|
CVE-2026-48140
|
2026-06-25 23:41 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1529
|
7.5 |
HIGH
Network
|
ni
|
instrumentstudio
ni_grpc_device_server
|
There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 and prior versions.
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-48141
|
2026-06-25 23:41 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1530
|
9.1 |
CRITICAL
Network
|
ni
|
instrumentstudio
ni_grpc_device_server
|
There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-9142
|
2026-06-25 23:40 |
2026-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
