|
1411
|
8.3 |
HIGH
Network
|
-
|
-
|
Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
|
CWE-416
Use After Free
|
CVE-2026-11040
|
2026-06-6 02:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1412
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via malicious network traffic. (Chromium s…
|
CWE-20
Improper Input Validation
|
CVE-2026-11038
|
2026-06-6 02:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1413
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Out of bounds write in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)
|
CWE-787
Out-of-bounds Write
|
CVE-2026-11037
|
2026-06-6 02:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1414
|
6.5 |
MEDIUM
Network
|
-
|
-
|
CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial …
|
CWE-20
Improper Input Validation
|
CVE-2025-5090
|
2026-06-6 02:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1415
|
6.5 |
MEDIUM
Network
|
-
|
-
|
In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain …
|
CWE-20
Improper Input Validation
|
CVE-2025-5089
|
2026-06-6 02:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1416
|
8.3 |
HIGH
Network
|
-
|
-
|
An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on…
|
CWE-269
Improper Privilege Management
|
CVE-2025-5088
|
2026-06-6 02:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1417
|
5.5 |
MEDIUM
Local
|
linaro
|
op-tee
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior t…
|
CWE-843
Type Confusion
|
CVE-2026-45702
|
2026-06-6 01:56 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1418
|
7.5 |
HIGH
Network
|
microsoft
|
exchange_online
|
Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.
|
CWE-285
Improper Authorization
|
CVE-2026-48579
|
2026-06-6 01:51 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1419
|
8.8 |
HIGH
Network
|
dlink
|
dwr-m920_firmware
|
A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in…
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-10878
|
2026-06-6 01:48 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1420
|
3.1 |
LOW
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy…
|
CWE-20
Improper Input Validation
|
CVE-2026-11244
|
2026-06-6 01:43 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
