|
2851
|
8.3 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in SurfaceCapture in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a cr…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-10967
|
2026-06-6 10:44 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2852
|
8.3 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafte…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-10961
|
2026-06-6 10:44 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2853
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a …
|
CWE-20
不適切な入力確認
|
CVE-2026-10912
|
2026-06-6 10:43 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2854
|
6.1 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML (…
|
CWE-20
不適切な入力確認
|
CVE-2026-10916
|
2026-06-6 10:43 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2855
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in WebAppInstalls in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: High)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-10923
|
2026-06-6 10:43 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2856
|
6.3 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-284
不適切なアクセス制御
|
CVE-2026-11187
|
2026-06-6 10:42 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2857
|
6.1 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2026-11186
|
2026-06-6 10:42 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2858
|
6.3 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medi…
|
CWE-602
サーバ側のセキュリティのクライアント側での実施
|
CVE-2026-11184
|
2026-06-6 10:42 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2859
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Out of bounds read in GWP-ASan in Google Chrome prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. (Chromium securit…
|
CWE-125
境界外読み取り
|
CVE-2026-11183
|
2026-06-6 10:41 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2860
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafte…
|
CWE-20
不適切な入力確認
|
CVE-2026-11086
|
2026-06-6 10:40 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2861
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Bad cast in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-125
境界外読み取り
|
CVE-2026-11077
|
2026-06-6 10:39 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2862
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Type Confusion in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-843
型の取り違え
|
CVE-2026-11076
|
2026-06-6 10:39 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2863
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in WebRTC in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11074
|
2026-06-6 10:39 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2864
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in WebSockets in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11068
|
2026-06-6 10:39 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2865
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Media in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: M…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11060
|
2026-06-6 10:39 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2866
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11059
|
2026-06-6 10:38 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2867
|
7.5 |
HIGH
ネットワーク
|
google
|
chrome
|
Integer overflow in CredentialProvider in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform OS-level privilege escalation v…
|
CWE-472
不変と仮定される Web パラメータの外部制御
|
CVE-2026-11058
|
2026-06-6 10:38 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2868
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: M…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11055
|
2026-06-6 10:38 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2869
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11054
|
2026-06-6 10:38 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2870
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11050
|
2026-06-6 10:37 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2871
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: M…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11049
|
2026-06-6 10:37 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2872
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandb…
|
CWE-20
不適切な入力確認
|
CVE-2026-11046
|
2026-06-6 10:37 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2873
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in Media in Google Chrome on Linux and ChromeOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11028
|
2026-06-6 10:37 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2874
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in USB in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11188
|
2026-06-6 10:36 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2875
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extens…
|
CWE-416
解放済みメモリの使用
|
CVE-2026-11201
|
2026-06-6 10:36 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2876
|
8.8 |
HIGH
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium secu…
|
CWE-20
不適切な入力確認
|
CVE-2026-11202
|
2026-06-6 10:36 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2877
|
6.5 |
MEDIUM
ネットワーク
|
google
|
chrome
|
Inappropriate implementation in GPU in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-200
情報漏えい
|
CVE-2026-11203
|
2026-06-6 10:36 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2878
|
6.5 |
MEDIUM
ネットワーク
|
gkostka
|
lwext4
|
An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 files…
|
CWE-125
境界外読み取り
|
CVE-2025-70101
|
2026-06-6 06:10 |
2026-06-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2879
|
5.5 |
MEDIUM
ローカル
|
gkostka
|
lwext4
|
A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 fi…
|
CWE-369
ゼロ除算
|
CVE-2025-70100
|
2026-06-6 06:09 |
2026-06-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2880
|
9.8 |
CRITICAL
ネットワーク
|
freedesktop
|
libinput
|
In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution
|
CWE-93
CRLF インジェクション
|
CVE-2026-50292
|
2026-06-6 06:06 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2881
|
9.1 |
CRITICAL
ネットワーク
|
netty
|
netty-incubator-codec-ohttp
|
The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriving native memory addresses…
|
CWE-125
CWE-787
境界外読み取り
境界外書き込み
|
CVE-2026-48040
|
2026-06-6 06:04 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2882
|
5.3 |
MEDIUM
ネットワーク
|
netty
|
netty-incubator-codec-ohttp
|
The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zeros and has no way to distin…
|
CWE-330
不十分なランダム値の使用
|
CVE-2026-41207
|
2026-06-6 06:01 |
2026-06-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2883
|
- |
-
|
-
|
-
|
A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network a…
|
CWE-22
CWE-798
パス・トラバーサル
ハードコードされた認証情報の使用
|
CVE-2026-11414
|
2026-06-6 05:49 |
2026-06-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2884
|
- |
-
|
-
|
-
|
A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authen…
|
CWE-22
CWE-434
パス・トラバーサル
危険なタイプのファイルの無制限アップロード
|
CVE-2026-11419
|
2026-06-6 05:49 |
2026-06-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2885
|
- |
-
|
-
|
-
|
Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on…
|
CWE-22
CWE-306
パス・トラバーサル
重要な機能に対する認証の欠如 解説
|
CVE-2026-11420
|
2026-06-6 05:49 |
2026-06-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2886
|
8.0 |
HIGH
ネットワーク
|
-
|
-
|
An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges t…
|
CWE-426
信頼性のない検索パス
|
CVE-2026-11400
|
2026-06-6 05:49 |
2026-06-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2887
|
8.0 |
HIGH
ネットワーク
|
-
|
-
|
An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to …
|
CWE-426
信頼性のない検索パス
|
CVE-2026-11401
|
2026-06-6 05:49 |
2026-06-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2888
|
- |
-
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcms_refresh_token cookie is set without the Secure flag. This allow…
|
CWE-614
HTTPS セッション内の Secure 属性がない重要な Cookie
|
CVE-2026-46398
|
2026-06-6 05:48 |
2026-06-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2889
|
7.5 |
HIGH
ネットワーク
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `uniqid` for generating salts, which is unsuitable. Version 26.0.1 fixes the issue.
|
CWE-338
暗号における脆弱な PRNG の使用
|
CVE-2026-46493
|
2026-06-6 05:48 |
2026-06-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2890
|
7.1 |
HIGH
隣接
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension …
|
CWE-319
重要な情報の平文での送信
|
CVE-2026-8874
|
2026-06-6 05:47 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2891
|
7.5 |
HIGH
ネットワーク
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no …
|
NVD-CWE-noinfo
|
CVE-2026-8881
|
2026-06-6 05:46 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2892
|
7.5 |
HIGH
ネットワーク
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. A…
|
CWE-917
CWE-1333
言語構文の表現に使用される特殊な要素の不適切な無効化
非効率的な正規表現の複雑さ
|
CVE-2026-8888
|
2026-06-6 05:46 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2893
|
8.2 |
HIGH
ネットワーク
|
mosaic5g
|
flexric
|
FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned up; subsequen…
|
CWE-400
リソースの枯渇
|
CVE-2026-37234
|
2026-06-6 05:42 |
2026-06-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2894
|
7.8 |
HIGH
ローカル
|
trustedfirmware
|
op-tee
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior …
|
CWE-416
解放済みメモリの使用
|
CVE-2026-40290
|
2026-06-6 05:20 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2895
|
- |
-
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the `<video-p…
|
CWE-79
CWE-116
クロスサイト・スクリプティング(XSS)
不適切なエンコード、または出力のエスケープ
|
CVE-2026-46496
|
2026-06-6 05:17 |
2026-06-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2896
|
- |
-
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the `hmacBase64()` function in the HAXcms Node.js backend contains two critical cryptographic implementat…
|
CWE-200
CWE-321
CWE-327
情報漏えい
ハードコードされた暗号鍵の使用
不完全、または危険な暗号アルゴリズムの使用
|
CVE-2026-46395
|
2026-06-6 05:17 |
2026-06-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2897
|
8.7 |
HIGH
ネットワーク
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the file…
|
CWE-178
CWE-434
大文字と小文字の区別の不適切な処理
危険なタイプのファイルの無制限アップロード
|
CVE-2026-46392
|
2026-06-6 05:17 |
2026-06-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2898
|
4.3 |
MEDIUM
ネットワーク
|
misp
|
misp
|
A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enab…
|
CWE-200
情報漏えい
|
CVE-2026-10854
|
2026-06-6 04:51 |
2026-06-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2899
|
10.0 |
CRITICAL
ネットワーク
|
-
|
-
|
UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs) consumed by UDS Core's Identity deployment. In versions 0.11.0 through 0.26.0, a logic error in t…
|
CWE-287
CWE-303
不適切な認証
認証アルゴリズム上の問題
|
CVE-2026-46389
|
2026-06-6 04:21 |
2026-06-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2900
|
9.8 |
CRITICAL
ネットワーク
|
-
|
-
|
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass leading to Administrator Account Takeover in all versions up to and including 1.9.4. This is due to a…
|
CWE-285
不適切な認可
|
CVE-2026-10580
|
2026-06-6 04:20 |
2026-06-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
