| 841 | 6.5 | MEDIUM Network | google | chrome | Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: L… | Update | CWE-1300 (Improper Protection of Physical Side Channels), CWE-203 (Information Exposure Through Discrepancy) | CVE-2026-11284 | 2026-06-10 00:27 | 2026-06-5 |
| 842 | 9.6 | CRITICAL Network | google | chrome | Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi… | Update | CWE-693 (Protection Mechanism Failure) | CVE-2026-11282 | 2026-06-10 00:26 | 2026-06-5 |
| 843 | - | | - | - | phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attac… | New | CWE-328 (Use of Weak Hash) | CVE-2026-48488 | 2026-06-10 00:25 | 2026-06-9 |
| 844 | 5.5 | MEDIUM Local | - | - | fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode … | New | CWE-532 (Inclusion of Sensitive Information in Log Files) | CVE-2026-45581 | 2026-06-10 00:25 | 2026-06-9 |
| 845 | 8.3 | HIGH Network | - | - | OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST … | New | CWE-201 (Insertion of Sensitive Information Into Sent Data) | CVE-2026-46481 | 2026-06-10 00:25 | 2026-06-9 |
| 846 | - | | - | - | MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerabili… | New | CWE-22 (Path Traversal) | CVE-2026-46486 | 2026-06-10 00:25 | 2026-06-9 |
| 847 | 8.1 | HIGH Network | - | - | Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by… | New | CWE-22 (Path Traversal), CWE-285 (Improper Authorization) | CVE-2026-46484 | 2026-06-10 00:25 | 2026-06-9 |
| 848 | - | | - | - | Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue h… | New | CWE-79 (Cross-site Scripting) | CVE-2026-44541 | 2026-06-10 00:25 | 2026-06-9 |
| 849 | 5.6 | MEDIUM Network | - | - | Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connecti… | New | CWE-299 (Improper Check for Certificate Revocation) | CVE-2026-6899 | 2026-06-10 00:25 | 2026-06-9 |
| 850 | - | | - | - | Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously … | New | CWE-755 (Improper Handling of Exceptional Conditions) | CVE-2026-49232 | 2026-06-10 00:20 | 2026-06-9 |