|
1351
|
4.3 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HT…
|
CWE-20
CWE-451
不適切な入力確認
ユーザインターフェースにおける重要情報の誤った表示
|
CVE-2026-11286
|
2026-06-10 00:42 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1352
|
4.3 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Lo…
|
CWE-451
ユーザインターフェースにおける重要情報の誤った表示
|
CVE-2026-11285
|
2026-06-10 00:37 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1353
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: L…
|
CWE-1300
CWE-203
物理サイドチャネルの不適切な保護
セキュリティ関連の処理に対するレスポンスの違いに起因する情報漏えい
|
CVE-2026-11284
|
2026-06-10 00:27 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1354
|
9.6 |
CRITICAL
ネットワーク
|
google
|
chrome
|
Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi…
|
CWE-693
保護メカニズムの不具合
|
CVE-2026-11282
|
2026-06-10 00:26 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1355
|
- |
-
|
-
|
-
|
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attac…
|
CWE-328
脆弱なハッシュの使用
|
CVE-2026-48488
|
2026-06-10 00:25 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1356
|
5.5 |
MEDIUM
ローカル
|
-
|
-
|
fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode …
|
CWE-532
ログファイルからの情報漏えい
|
CVE-2026-45581
|
2026-06-10 00:25 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1357
|
8.3 |
HIGH
ネットワーク
|
-
|
-
|
OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST …
|
CWE-201
送信データへの重要な情報の挿入
|
CVE-2026-46481
|
2026-06-10 00:25 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1358
|
- |
-
|
-
|
-
|
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerabili…
|
CWE-22
パス・トラバーサル
|
CVE-2026-46486
|
2026-06-10 00:25 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1359
|
8.1 |
HIGH
ネットワーク
|
-
|
-
|
Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by…
|
CWE-22
CWE-285
パス・トラバーサル
不適切な認可
|
CVE-2026-46484
|
2026-06-10 00:25 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1360
|
- |
-
|
-
|
-
|
Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue h…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2026-44541
|
2026-06-10 00:25 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1361
|
5.6 |
MEDIUM
ネットワーク
|
-
|
-
|
Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connecti…
|
CWE-299
証明書失効の不適切なチェック
|
CVE-2026-6899
|
2026-06-10 00:25 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1362
|
- |
-
|
-
|
-
|
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously …
|
CWE-755
例外的な状態における不適切な処理
|
CVE-2026-49232
|
2026-06-10 00:20 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1363
|
- |
-
|
-
|
-
|
Origin Validation Error vulnerability in ninenines gun (gun_http2 module) allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority.
In gun_http2:push_promise_frame/7, the :…
|
CWE-346
同一生成元ポリシー違反
|
CVE-2026-43972
|
2026-06-10 00:20 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1364
|
- |
-
|
-
|
-
|
Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering.
In gun_http:handle/5,…
|
CWE-770
制限またはスロットリング無しのリソースの割り当て
|
CVE-2026-43973
|
2026-06-10 00:20 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1365
|
- |
-
|
-
|
-
|
Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Prot…
|
CWE-841
行動ワークフローの不適切な実施
|
CVE-2026-43974
|
2026-06-10 00:20 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1366
|
- |
-
|
-
|
-
|
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb respo…
|
CWE-409
高圧縮データの不適切な処理 (データ増幅)
|
CVE-2026-49755
|
2026-06-10 00:20 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1367
|
- |
-
|
-
|
-
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata.
Req.Utils.encode_form_part/2 …
|
CWE-93
CRLF インジェクション
|
CVE-2026-49756
|
2026-06-10 00:20 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1368
|
- |
-
|
-
|
-
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields…
|
CWE-113
HTTP レスポンスの分割
|
CVE-2026-43966
|
2026-06-10 00:20 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1369
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-843
型の取り違え
|
CVE-2026-11662
|
2026-06-9 23:58 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1370
|
8.3 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11663
|
2026-06-9 23:58 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1371
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Payments in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11664
|
2026-06-9 23:58 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1372
|
4.3 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Out of bounds read in Dawn in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
|
CWE-125
境界外読み取り
|
CVE-2026-11665
|
2026-06-9 23:58 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1373
|
8.3 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Read Anything in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML …
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11692
|
2026-06-9 23:58 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1374
|
3.1 |
LOW
ネットワーク
|
google
|
chrome
|
Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a …
|
CWE-20
不適切な入力確認
|
CVE-2026-11691
|
2026-06-9 23:58 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1375
|
8.3 |
HIGH
ネットワーク
|
google
|
chrome
|
Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML…
|
CWE-472
不変と仮定される Web パラメータの外部制御
|
CVE-2026-11655
|
2026-06-9 23:58 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1376
|
8.3 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafte…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11656
|
2026-06-9 23:58 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1377
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Payments in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11657
|
2026-06-9 23:58 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1378
|
9.6 |
CRITICAL
ネットワーク
|
google
|
chrome
|
Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
|
CWE-20
不適切な入力確認
|
CVE-2026-11659
|
2026-06-9 23:58 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1379
|
8.3 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Views in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11661
|
2026-06-9 23:58 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1380
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11648
|
2026-06-9 23:58 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1381
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11649
|
2026-06-9 23:57 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1382
|
8.3 |
HIGH
ネットワーク
|
google
|
chrome
|
Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox…
|
CWE-20
不適切な入力確認
|
CVE-2026-11660
|
2026-06-9 23:57 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1383
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11650
|
2026-06-9 23:57 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1384
|
9.6 |
CRITICAL
ネットワーク
|
google
|
chrome
|
Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11651
|
2026-06-9 23:57 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1385
|
8.3 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11652
|
2026-06-9 23:57 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1386
|
9.6 |
CRITICAL
ネットワーク
|
google
|
chrome
|
Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11654
|
2026-06-9 23:57 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1387
|
8.3 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Web Apps in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11642
|
2026-06-9 23:57 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1388
|
7.5 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Exte…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11644
|
2026-06-9 23:57 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1389
|
8.1 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11643
|
2026-06-9 23:57 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1390
|
8.8 |
HIGH
ネットワーク
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover.…
|
CWE-915
動的に決定されたオブジェクト属性の不適切に制御された変更
|
CVE-2026-46480
|
2026-06-9 23:57 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1391
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in ViewTransitions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11646
|
2026-06-9 23:56 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1392
|
6.8 |
MEDIUM
物理
|
google
|
chrome
|
Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. (Chromium security severity: Critic…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11628
|
2026-06-9 23:54 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1393
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11674
|
2026-06-9 23:54 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1394
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11673
|
2026-06-9 23:54 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1395
|
9.6 |
CRITICAL
ネットワーク
|
google
|
chrome
|
Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11671
|
2026-06-9 23:53 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1396
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11670
|
2026-06-9 23:53 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1397
|
7.5 |
HIGH
ネットワーク
|
google
|
chrome
|
Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the GPU process to potentially exploit heap corruption via a crafted HTML page. (Ch…
|
CWE-125
境界外読み取り
|
CVE-2026-11667
|
2026-06-9 23:53 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1398
|
7.5 |
HIGH
ネットワーク
|
google
|
chrome
|
Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via…
|
CWE-125
CWE-787
境界外読み取り
境界外書き込み
|
CVE-2026-11690
|
2026-06-9 23:53 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1399
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11683
|
2026-06-9 23:53 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1400
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: …
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11680
|
2026-06-9 23:53 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
