|
1911
|
9.8 |
CRITICAL
Network
|
freerdp
|
freerdp
|
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/pl…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-45700
|
2026-06-2 02:23 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1912
|
6.1 |
MEDIUM
Network
|
ibm
|
financial_transaction_manager_for_multiplatform
|
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allo…
|
CWE-79
Cross-site Scripting
|
CVE-2025-36148
|
2026-06-2 02:22 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1913
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-10013
|
2026-06-2 02:22 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1914
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
|
CWE-787
Out-of-bounds Write
|
CVE-2026-9967
|
2026-06-2 02:22 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1915
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Out of bounds read and write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2026-9975
|
2026-06-2 02:21 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1916
|
5.0 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Input in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted …
|
CWE-20
Improper Input Validation
|
CVE-2026-9979
|
2026-06-2 02:21 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1917
|
6.2 |
MEDIUM
Local
|
-
|
-
|
Text::LineFold versions through 2019.001 for Perl duplicate the output based on the number of special break characters.
Text::LineFold splits the input string by specific line break characters (such…
|
CWE-405
CWE-407
Asymmetric Resource Consumption (Amplification)
Inefficient Algorithmic Complexity
|
CVE-2026-8594
|
2026-06-2 02:17 |
2026-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1918
|
- |
|
-
|
-
|
StrongDM Desktop Application before 23.74.0 (Desktop Client before 53.77.0) on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a…
|
CWE-312
CWE-522
Cleartext Storage of Sensitive Information
Insufficiently Protected Credentials
|
CVE-2026-4387
|
2026-06-2 02:17 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1919
|
4.3 |
MEDIUM
Network
|
-
|
-
|
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note (private thread) from any…
|
CWE-862
Missing Authorization
|
CVE-2026-48811
|
2026-06-2 02:17 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1920
|
- |
|
-
|
-
|
iskorotkov/avro is a fast Go Avro codec. Prior to 2.33.0, the Avro array and map decoders looped over an attacker-controlled block-count value without checking the underlying reader's error state ins…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-46385
|
2026-06-2 02:17 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
