|
1751
|
6.5 |
MEDIUM
ネットワーク
|
-
|
-
|
The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding design flaws: (1) the plugin leak…
|
CWE-200
情報漏えい
|
CVE-2026-7542
|
2026-06-9 22:33 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1752
|
8.8 |
HIGH
ネットワーク
|
-
|
-
|
The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 database migration in versions up to and incl…
|
CWE-502
信頼性のないデータのデシリアライゼーション
|
CVE-2026-8365
|
2026-06-9 22:33 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1753
|
6.4 |
MEDIUM
ネットワーク
|
-
|
-
|
The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2026-8599
|
2026-06-9 22:33 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1754
|
6.4 |
MEDIUM
ネットワーク
|
-
|
-
|
The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and i…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2026-8677
|
2026-06-9 22:33 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1755
|
4.3 |
MEDIUM
ネットワーク
|
-
|
-
|
The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capabi…
|
CWE-862
認証の欠如
|
CVE-2026-4058
|
2026-06-9 22:33 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1756
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
Revert "mm/hugetlbfs: update hugetlbfs to use mmap_prepare"
This reverts commit ea52cb24cd3f ("mm/hugetlbfs: update hugetlbfs to …
|
-
|
CVE-2026-46318
|
2026-06-9 22:16 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1757
|
8.0 |
HIGH
ネットワーク
|
-
|
-
|
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2026-41724
|
2026-06-9 22:16 |
2026-06-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1758
|
8.0 |
HIGH
ネットワーク
|
-
|
-
|
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2026-41723
|
2026-06-9 22:16 |
2026-06-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1759
|
8.0 |
HIGH
ネットワーク
|
-
|
-
|
VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2026-41722
|
2026-06-9 22:16 |
2026-06-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1760
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via…
|
CWE-284
不適切なアクセス制御
|
CVE-2026-11190
|
2026-06-9 21:51 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1761
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restricti…
|
CWE-20
不適切な入力確認
|
CVE-2026-11189
|
2026-06-9 21:51 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1762
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Out of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security s…
|
CWE-125
境界外読み取り
|
CVE-2026-11191
|
2026-06-9 21:50 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1763
|
4.3 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium securi…
|
CWE-20
不適切な入力確認
|
CVE-2026-11192
|
2026-06-9 21:49 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1764
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium securit…
|
CWE-284
不適切なアクセス制御
|
CVE-2026-11193
|
2026-06-9 21:49 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1765
|
- |
-
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
io_uring/waitid: clear waitid info before copying it to userspace
IORING_OP_WAITID stores its result fields in struct io_waitid::…
|
-
|
CVE-2026-46315
|
2026-06-9 18:16 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1766
|
7.1 |
HIGH
ネットワーク
|
-
|
-
|
A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources…
|
CWE-732
重要なリソースに対する不適切なパーミッションの割り当て
|
CVE-2026-10840
|
2026-06-9 18:16 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1767
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HT…
|
CWE-20
不適切な入力確認
|
CVE-2026-11023
|
2026-06-9 12:08 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1768
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Stack buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-121
スタックオーバーフロー
|
CVE-2026-11024
|
2026-06-9 12:07 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1769
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium securit…
|
CWE-602
サーバ側のセキュリティのクライアント側での実施
|
CVE-2026-11025
|
2026-06-9 12:07 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1770
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secur…
|
CWE-125
境界外読み取り
|
CVE-2026-11096
|
2026-06-9 12:07 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1771
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Me…
|
CWE-474
一貫性のない実装を含む機能の使用
|
CVE-2026-11097
|
2026-06-9 12:07 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1772
|
5.3 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Insufficient validation of untrusted input in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT…
|
CWE-20
不適切な入力確認
|
CVE-2026-11098
|
2026-06-9 12:07 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1773
|
9.6 |
CRITICAL
ネットワーク
|
google
|
chrome
|
Use after free in File Input in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape vi…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11100
|
2026-06-9 12:06 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1774
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Insufficient validation of untrusted input in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted H…
|
CWE-20
不適切な入力確認
|
CVE-2026-11121
|
2026-06-9 12:06 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1775
|
6.1 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security sever…
|
CWE-358
不適切に実装されたセキュリティチェック
|
CVE-2026-11122
|
2026-06-9 12:06 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1776
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium securit…
|
CWE-457
初期化されていない変数の使用
|
CVE-2026-11123
|
2026-06-9 12:05 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1777
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Integer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-122
ヒープオーバーフロー
|
CVE-2026-11124
|
2026-06-9 12:05 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1778
|
4.3 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chro…
|
CWE-20
不適切な入力確認
|
CVE-2026-11126
|
2026-06-9 12:05 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1779
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in WebAPKs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted WebAPK. (Chromium security severity: Medi…
|
CWE-358
不適切に実装されたセキュリティチェック
|
CVE-2026-11127
|
2026-06-9 12:05 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1780
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in Web Share in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a craf…
|
CWE-20
不適切な入力確認
|
CVE-2026-11128
|
2026-06-9 12:05 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1781
|
8.3 |
HIGH
ネットワーク
|
-
|
-
|
Use after free in Printing in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11647
|
2026-06-9 11:16 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1782
|
9.6 |
CRITICAL
ネットワーク
|
-
|
-
|
Use after free in Printing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11638
|
2026-06-9 11:16 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1783
|
6.5 |
MEDIUM
ネットワーク
|
-
|
-
|
A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denia…
|
CWE-400
リソースの枯渇
|
CVE-2026-11611
|
2026-06-9 11:08 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1784
|
- |
-
|
-
|
-
|
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and ca…
|
CWE-617
到達可能なアサーション
|
CVE-2026-35058
|
2026-06-9 11:08 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1785
|
- |
-
|
-
|
-
|
A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS…
|
CWE-125
CWE-416
境界外読み取り
解放済みメモリの使用
|
CVE-2026-40215
|
2026-06-9 11:08 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1786
|
4.2 |
MEDIUM
ネットワーク
|
-
|
-
|
SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credent…
|
CWE-35
パストラバーサル
|
CVE-2026-24315
|
2026-06-9 11:08 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1787
|
9.8 |
CRITICAL
ネットワーク
|
-
|
-
|
Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that explo…
|
CWE-121
スタックオーバーフロー
|
CVE-2026-27671
|
2026-06-9 11:08 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1788
|
9.0 |
CRITICAL
ネットワーク
|
-
|
-
|
SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal an…
|
CWE-35
パストラバーサル
|
CVE-2026-40128
|
2026-06-9 11:08 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1789
|
3.7 |
LOW
ネットワーク
|
-
|
-
|
Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the…
|
CWE-497
認可されていない制御領域への重要情報の漏えい
|
CVE-2026-44743
|
2026-06-9 11:08 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1790
|
6.5 |
MEDIUM
ネットワーク
|
-
|
-
|
SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized dat…
|
CWE-89
SQLインジェクション
|
CVE-2026-44744
|
2026-06-9 11:08 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1791
|
6.1 |
MEDIUM
ネットワーク
|
-
|
-
|
Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA (JDBC Test Servlet), an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2026-44746
|
2026-06-9 11:08 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1792
|
9.9 |
CRITICAL
ネットワーク
|
-
|
-
|
SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier…
|
CWE-347
デジタル署名の不適切な検証
|
CVE-2026-44748
|
2026-06-9 11:08 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1793
|
4.3 |
MEDIUM
ネットワーク
|
-
|
-
|
SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise b…
|
CWE-862
認証の欠如
|
CVE-2026-44750
|
2026-06-9 11:08 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1794
|
7.1 |
HIGH
ネットワーク
|
-
|
-
|
Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belongi…
|
CWE-862
認証の欠如
|
CVE-2026-44751
|
2026-06-9 11:08 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1795
|
6.6 |
MEDIUM
ネットワーク
|
-
|
-
|
The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are being used …
|
CWE-862
認証の欠如
|
CVE-2026-44754
|
2026-06-9 11:08 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1796
|
4.3 |
MEDIUM
ネットワーク
|
-
|
-
|
SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerab…
|
CWE-346
同一生成元ポリシー違反
|
CVE-2026-44755
|
2026-06-9 11:08 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1797
|
4.7 |
MEDIUM
ネットワーク
|
-
|
-
|
SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in t…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2026-44757
|
2026-06-9 11:08 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1798
|
- |
-
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeo…
|
CWE-915
動的に決定されたオブジェクト属性の不適切に制御された変更
|
CVE-2026-46476
|
2026-06-9 11:06 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1799
|
- |
-
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. Thi…
|
CWE-915
動的に決定されたオブジェクト属性の不適切に制御された変更
|
CVE-2026-46477
|
2026-06-9 11:06 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1800
|
- |
-
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This…
|
CWE-915
動的に決定されたオブジェクト属性の不適切に制御された変更
|
CVE-2026-46478
|
2026-06-9 11:06 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
