| 1631 | 6.5 | MEDIUM | Network | google | chrome | Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | CWE-457 | Use of Uninitialized Variable | CVE-2026-11039 | 2026-06-8 22:31 | 2026-06-5 |
| 1632 | 8.8 | HIGH | Network | google | chrome | Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sand… | CWE-20, NVD-CWE-noinfo | Improper Input Validation | CVE-2026-11041 | 2026-06-8 22:31 | 2026-06-5 |
| 1633 | 9.6 | CRITICAL | Network | google | chrome | Out of bounds write in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… | CWE-787 | Out-of-bounds Write | CVE-2026-11043 | 2026-06-8 22:29 | 2026-06-5 |
| 1634 | 5.3 | MEDIUM | Network | google | chrome | Integer overflow in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from proces… | CWE-190, CWE-125, CWE-787 | Integer Overflow or Wraparound; Out-of-bounds Read; Out-of-bounds Write | CVE-2026-10999 | 2026-06-8 22:16 | 2026-06-5 |
| 1635 | 9.1 | CRITICAL | Network | apache | fory | Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChec… | CWE-502 | Deserialization of Untrusted Data | CVE-2026-50076 | 2026-06-8 22:00 | 2026-06-5 |
| 1636 | 4.3 | MEDIUM | Network | misp | misp | A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In… | CWE-200 | Information Exposure | CVE-2026-10864 | 2026-06-8 21:59 | 2026-06-5 |
| 1637 | 4.9 | MEDIUM | Network | acer | connect_m6e_5g_firmware | The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN. | CWE-200 | Information Exposure | CVE-2026-50224 | 2026-06-8 21:58 | 2026-06-4 |
| 1638 | 9.1 | CRITICAL | Network | acer | connect_m6e_5g_firmware | The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database. | CWE-306 | Missing Authentication for Critical Function | CVE-2026-50225 | 2026-06-8 21:58 | 2026-06-4 |
| 1639 | 5.3 | MEDIUM | Network | acer | connect_m6e_5g_firmware | Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extra… | CWE-321 | Use of Hard-coded Cryptographic Key | CVE-2026-50226 | 2026-06-8 21:57 | 2026-06-4 |
| 1640 | 9.8 | CRITICAL | Network | acer | connect_m6e_5g_firmware | The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans. | CWE-345 | Insufficient Verification of Data Authenticity | CVE-2026-50214 | 2026-06-8 21:56 | 2026-06-4 |