|
1951
|
7.8 |
HIGH
ローカル
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
procfs: fix missing RCU protection when reading real_parent in do_task_stat()
When reading /proc/[pid]/stat, do_task_stat() acces…
|
NVD-CWE-noinfo
|
CVE-2026-46259
|
2026-06-10 05:09 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1952
|
7.8 |
HIGH
ローカル
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ipv6: Fix out-of-bound access in fib6_add_rt2node().
syzbot reported out-of-bound read in fib6_add_rt2node(). [0]
When IPv6 rout…
|
CWE-125
境界外読み取り
|
CVE-2026-46260
|
2026-06-10 05:09 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1953
|
5.5 |
MEDIUM
ローカル
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe()
platform_get_resource_byname() can return NULL, which w…
|
CWE-476
NULL ポインタデリファレンス
|
CVE-2026-46261
|
2026-06-10 05:03 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1954
|
5.5 |
MEDIUM
ローカル
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put()
This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix missing loc…
|
CWE-667
不適切なロック
|
CVE-2026-46262
|
2026-06-10 04:59 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1955
|
7.8 |
HIGH
ローカル
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix out-of-bounds stream encoder index v3
eng_id can be negative and that stream_enc_regs[]
can be indexed out o…
|
CWE-125
境界外読み取り
|
CVE-2026-46263
|
2026-06-10 04:57 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1956
|
4.7 |
MEDIUM
ローカル
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
coresight: tmc-etr: Fix race condition between sysfs and perf mode
When trying to run perf and sysfs mode simultaneously, the WAR…
|
CWE-362
競合状態
|
CVE-2026-46272
|
2026-06-10 04:52 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1957
|
7.8 |
HIGH
ローカル
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: ath12k: do WoW offloads only on primary link
In case of multi-link connection, WCN7850 firmware crashes due to WoW
offloads…
|
NVD-CWE-noinfo
|
CVE-2026-46271
|
2026-06-10 04:52 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1958
|
8.4 |
HIGH
ローカル
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
power: supply: rt9455: Fix use-after-free in power_supply_changed()
Using the `devm_` variant for requesting IRQ _before_ the `de…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-46270
|
2026-06-10 04:52 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1959
|
5.5 |
MEDIUM
ローカル
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree
When probing the k230 pinctrl driver, the kernel trig…
|
CWE-476
NULL ポインタデリファレンス
|
CVE-2026-46269
|
2026-06-10 04:51 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1960
|
5.5 |
MEDIUM
ローカル
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition
Commit b7e282378773 has already changed the initial page refcount of
p2pdma…
|
NVD-CWE-noinfo
|
CVE-2026-46268
|
2026-06-10 04:48 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1961
|
7.8 |
HIGH
ローカル
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nfc: hci: shdlc: Stop timers and work before freeing context
llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc
s…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-46267
|
2026-06-10 04:48 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1962
|
9.1 |
CRITICAL
ネットワーク
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP
Yizhou Zhao reported that simply having one RAW socket on protocol
IP…
|
NVD-CWE-noinfo
|
CVE-2026-46266
|
2026-06-10 04:47 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1963
|
7.5 |
HIGH
ネットワーク
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix WQ_MEM_RECLAIM warning
When sunrpc is used, if a reset triggered, our wq may lead the
following trace:
workqueue: …
|
NVD-CWE-noinfo
|
CVE-2026-46265
|
2026-06-10 04:46 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1964
|
5.7 |
MEDIUM
物理
|
-
|
-
|
Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of P…
|
CWE-261
パスワードの弱い暗号の使用
|
CVE-2026-40639
|
2026-06-10 04:30 |
2026-06-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1965
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Out of bounds memory access in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: …
|
CWE-125
CWE-787
境界外読み取り
境界外書き込み
|
CVE-2026-10941
|
2026-06-10 04:21 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1966
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-10943
|
2026-06-10 04:02 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1967
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-10945
|
2026-06-10 04:01 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1968
|
4.7 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Insufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted H…
|
CWE-20
不適切な入力確認
|
CVE-2026-11233
|
2026-06-10 03:58 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1969
|
4.3 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
|
CWE-451
ユーザインターフェースにおける重要情報の誤った表示
|
CVE-2026-11294
|
2026-06-10 03:55 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1970
|
4.3 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML pag…
|
CWE-693
保護メカニズムの不具合
|
CVE-2026-11234
|
2026-06-10 03:54 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1971
|
7.5 |
HIGH
ネットワーク
|
google
|
chrome
|
Heap buffer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a…
|
CWE-122
ヒープオーバーフロー
|
CVE-2026-10946
|
2026-06-10 03:53 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1972
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-10947
|
2026-06-10 03:53 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1973
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-10948
|
2026-06-10 03:52 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1974
|
8.3 |
HIGH
ネットワーク
|
google
|
chrome
|
Heap buffer overflow in Video in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…
|
CWE-122
ヒープオーバーフロー
|
CVE-2026-10949
|
2026-06-10 03:52 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1975
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-10954
|
2026-06-10 03:49 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1976
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in MimeHandlerView in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-10956
|
2026-06-10 03:48 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1977
|
6.3 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medi…
|
CWE-346
同一生成元ポリシー違反
|
CVE-2026-11181
|
2026-06-10 03:47 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1978
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox vi…
|
CWE-20
不適切な入力確認
|
CVE-2026-11235
|
2026-06-10 03:44 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1979
|
8.3 |
HIGH
ネットワーク
|
google
|
chrome
|
Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via…
|
CWE-602
サーバ側のセキュリティのクライアント側での実施
|
CVE-2026-11236
|
2026-06-10 03:42 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1980
|
8.3 |
HIGH
ネットワーク
|
google
|
chrome
|
Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTM…
|
CWE-20
不適切な入力確認
|
CVE-2026-11237
|
2026-06-10 03:41 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1981
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
|
CWE-457
初期化されていない変数の使用
|
CVE-2026-11268
|
2026-06-10 03:38 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1982
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform p…
|
CWE-20
不適切な入力確認
|
CVE-2026-11272
|
2026-06-10 03:34 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1983
|
4.3 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security se…
|
CWE-284
不適切なアクセス制御
|
CVE-2026-11274
|
2026-06-10 03:32 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1984
|
9.3 |
CRITICAL
ネットワーク
|
checkpoint
|
gaia_os
gaia_embedded
|
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish …
|
CWE-287
不適切な認証
|
CVE-2026-50751
|
2026-06-10 03:30 |
2026-06-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1985
|
4.3 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium se…
|
CWE-284
不適切なアクセス制御
|
CVE-2026-11277
|
2026-06-10 03:26 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1986
|
5.8 |
MEDIUM
ネットワーク
|
-
|
-
|
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is …
|
CWE-1023
要素の欠如による不完全な比較
|
CVE-2026-7473
|
2026-06-10 03:17 |
2026-06-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1987
|
8.8 |
HIGH
ネットワーク
|
-
|
-
|
The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited(), which concatenates the values directly into a tid I…
|
CWE-89
SQLインジェクション
|
CVE-2026-50636
|
2026-06-10 03:17 |
2026-06-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1988
|
8.8 |
HIGH
ネットワーク
|
-
|
-
|
LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the d…
|
CWE-640
パスワードを忘れた場合の脆弱なパスワードリカバリの仕組み
|
CVE-2026-50635
|
2026-06-10 03:17 |
2026-06-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1989
|
6.5 |
MEDIUM
ネットワーク
|
-
|
-
|
Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoi…
|
CWE-862
認証の欠如
|
CVE-2026-49956
|
2026-06-10 03:17 |
2026-06-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1990
|
6.3 |
MEDIUM
ローカル
|
-
|
-
|
Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could p…
|
CWE-59
リンク解釈の問題
|
CVE-2026-44275
|
2026-06-10 03:16 |
2026-06-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1991
|
6.3 |
MEDIUM
ローカル
|
-
|
-
|
Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could p…
|
CWE-1386
Windows ジャンクション / マウントポイントの安全でない操作
|
CVE-2026-41116
|
2026-06-10 03:16 |
2026-06-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1992
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: …
|
CWE-125
CWE-787
境界外読み取り
境界外書き込み
|
CVE-2026-11645
|
2026-06-10 03:16 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1993
|
- |
-
|
-
|
-
|
Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) po…
|
CWE-1262
レジスタインターフェイスの不適切なアクセス制御
|
CVE-2025-54509
|
2026-06-10 03:16 |
2026-06-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1994
|
8.6 |
HIGH
ネットワーク
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ibmveth: Disable GSO for packets with small MSS
Some physical adapters on Power systems do not support segmentation
offload when …
|
NVD-CWE-noinfo
|
CVE-2026-46273
|
2026-06-10 02:31 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1995
|
8.8 |
HIGH
ローカル
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/pf: Fix sysfs initialization
In case of devm_add_action_or_reset() failure the provided cleanup
action will be run immedia…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-46264
|
2026-06-10 02:26 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1996
|
8.1 |
HIGH
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (…
|
CWE-346
同一生成元ポリシー違反
|
CVE-2026-11693
|
2026-06-10 02:26 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1997
|
5.4 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-20
NVD-CWE-noinfo
不適切な入力確認
|
CVE-2026-11701
|
2026-06-10 02:24 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1998
|
7.5 |
HIGH
ネットワーク
|
perl
|
dbi
|
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer.
Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer wit…
|
CWE-787
境界外書き込み
|
CVE-2026-9698
|
2026-06-10 02:20 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1999
|
9.8 |
CRITICAL
ネットワーク
|
-
|
-
|
YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The application attempts to sa…
|
CWE-94
CWE-1333
コード・インジェクション
非効率的な正規表現の複雑さ
|
CVE-2026-52778
|
2026-06-10 02:17 |
2026-06-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2000
|
6.5 |
MEDIUM
ネットワーク
|
-
|
-
|
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
|
CWE-200
情報漏えい
|
CVE-2026-50508
|
2026-06-10 02:17 |
2026-06-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
