|
1
|
7.4 |
HIGH
Network
|
asynchttpclient_project
|
async-http-client
|
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch pri…
Update
|
CWE-200
Information Exposure
|
CVE-2026-45300
|
2026-06-9 03:37 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a cr…
Update
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11022
|
2026-06-9 03:37 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3
|
7.8 |
HIGH
Local
|
x.org
redhat
|
x_server
xwayland
enterprise_linux
|
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function Ch…
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-50259
|
2026-06-9 03:28 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted…
Update
|
CWE-284
Improper Access Control
|
CVE-2026-11017
|
2026-06-9 03:17 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medi…
Update
|
CWE-602
Client-Side Enforcement of Server-Side Security
|
CVE-2026-11018
|
2026-06-9 03:17 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform domain spoofing via a crafted…
Update
|
CWE-290
CWE-451
Authentication Bypass by Spoofing
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-11019
|
2026-06-9 03:17 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
7
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. (Chromium security severity: Medium)
Update
|
CWE-346
CWE-352
Origin Validation Error
Origin Validation Error
|
CVE-2026-11020
|
2026-06-9 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
8
|
- |
-
|
-
|
-
|
A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authe…
New
|
CWE-78
OS Command
|
CVE-2026-8913
|
2026-06-9 03:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
9
|
7.2 |
HIGH
Network
|
-
|
-
|
Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attack…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-50232
|
2026-06-9 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
10
|
- |
-
|
-
|
-
|
Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests.
This issue affects Apache HTTP Server: from 2.4.17 …
New
|
CWE-789
Memory Allocation with Excessive Size Value
|
CVE-2026-49975
|
2026-06-9 03:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
11
|
7.1 |
HIGH
Network
|
7-zip
|
7-zip
|
7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmwar…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-48111
|
2026-06-9 03:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
8.1 |
HIGH
Network
|
7-zip
|
7-zip
|
7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit builds. 32-bit integer ove…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-48092
|
2026-06-9 03:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
8.8 |
HIGH
Network
|
-
|
-
|
A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a man…
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-11556
|
2026-06-9 03:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
3.7 |
LOW
Network
|
-
|
-
|
A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least …
New
|
CWE-266
CWE-272
Incorrect Privilege Assignment
Least Privilege Violation
|
CVE-2026-11555
|
2026-06-9 03:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
4.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege vi…
New
|
CWE-266
CWE-272
Incorrect Privilege Assignment
Least Privilege Violation
|
CVE-2026-11554
|
2026-06-9 03:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
16
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in st…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-11553
|
2026-06-9 03:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unk…
New
|
CWE-255
CWE-259
Credentials Management
Use of Hard-coded Password
|
CVE-2026-11552
|
2026-06-9 03:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Inappropriate implementation in Web Share in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a craf…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-11128
|
2026-06-9 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chro…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-11126
|
2026-06-9 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
8.8 |
HIGH
Network
|
-
|
-
|
Integer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
Update
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-11124
|
2026-06-9 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
21
|
9.8 |
CRITICAL
Network
|
-
|
-
|
DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders.
The preparse method expands SQL placeholder characters to numbered binders of the for…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-10879
|
2026-06-9 03:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
22
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbo…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-11021
|
2026-06-9 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
23
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium se…
Update
|
CWE-284
Improper Access Control
|
CVE-2026-11302
|
2026-06-9 03:12 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
24
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
Update
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-11300
|
2026-06-9 03:10 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
25
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data v…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-11007
|
2026-06-9 03:09 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
26
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-11008
|
2026-06-9 03:09 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
27
|
8.1 |
HIGH
Network
|
google
|
chrome
|
Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted H…
Update
|
CWE-602
Client-Side Enforcement of Server-Side Security
|
CVE-2026-11011
|
2026-06-9 03:09 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
28
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted …
Update
|
CWE-602
Client-Side Enforcement of Server-Side Security
|
CVE-2026-11014
|
2026-06-9 03:08 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
29
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network traffic. (Chromi…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-11301
|
2026-06-9 03:08 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
30
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a cra…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-11016
|
2026-06-9 03:08 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
31
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
Update
|
CWE-416
Use After Free
|
CVE-2026-11305
|
2026-06-9 03:04 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
32
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
Update
|
CWE-416
Use After Free
|
CVE-2026-11306
|
2026-06-9 03:04 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
33
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
Update
|
CWE-416
Use After Free
|
CVE-2026-11307
|
2026-06-9 03:04 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
34
|
4.2 |
MEDIUM
Network
|
7-zip
|
7-zip
|
7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In t…
Update
|
CWE-125
CWE-908
Out-of-bounds Read
Use of Uninitialized Resource
|
CVE-2026-48104
|
2026-06-9 03:03 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
35
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Low)
Update
|
CWE-416
Use After Free
|
CVE-2026-11304
|
2026-06-9 03:02 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
36
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)
Update
|
CWE-416
Use After Free
|
CVE-2026-11303
|
2026-06-9 03:01 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
37
|
6.5 |
MEDIUM
Network
|
7-zip
|
7-zip
|
7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in…
Update
|
CWE-125
CWE-190
Out-of-bounds Read
Integer Overflow or Wraparound
|
CVE-2026-48112
|
2026-06-9 03:00 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
38
|
7.1 |
HIGH
Network
|
7-zip
|
7-zip
|
7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM (Windows Imaging) archive handler's security descriptor lo…
Update
|
CWE-125
Out-of-bounds Read
|
CVE-2026-48103
|
2026-06-9 02:54 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
39
|
6.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a craf…
Update
|
CWE-269
Improper Privilege Management
|
CVE-2026-11308
|
2026-06-9 02:43 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
40
|
9.8 |
CRITICAL
Network
|
mbs-solutions
|
universal_gateway_firmware
|
An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.
Update
|
CWE-1393
Use of Default Password
|
CVE-2026-35075
|
2026-06-9 02:17 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
41
|
8.1 |
HIGH
Network
|
mbs-solutions
|
universal_gateway_firmware
|
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
Update
|
CWE-73
External Control of File Name or Path
|
CVE-2026-35076
|
2026-06-9 02:17 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
42
|
8.1 |
HIGH
Network
|
mbs-solutions
|
universal_gateway_firmware
|
The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
Update
|
CWE-73
External Control of File Name or Path
|
CVE-2026-35077
|
2026-06-9 02:17 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
43
|
8.1 |
HIGH
Network
|
mbs-solutions
|
universal_gateway_firmware
|
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
Update
|
CWE-73
External Control of File Name or Path
|
CVE-2026-35078
|
2026-06-9 02:17 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
44
|
8.1 |
HIGH
Network
|
mbs-solutions
|
universal_gateway_firmware
|
The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
Update
|
CWE-73
External Control of File Name or Path
|
CVE-2026-35079
|
2026-06-9 02:17 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
45
|
8.1 |
HIGH
Network
|
mbs-solutions
|
universal_gateway_firmware
|
The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.
Update
|
CWE-73
External Control of File Name or Path
|
CVE-2026-35080
|
2026-06-9 02:17 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
46
|
8.1 |
HIGH
Network
|
mbs-solutions
|
universal_gateway_firmware
|
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-35081
|
2026-06-9 02:17 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
47
|
8.8 |
HIGH
Network
|
mbs-solutions
|
universal_gateway_firmware
|
The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.
Update
|
CWE-22
Path Traversal
|
CVE-2026-35082
|
2026-06-9 02:17 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
48
|
8.8 |
HIGH
Network
|
mbs-solutions
|
universal_gateway_firmware
|
A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-35083
|
2026-06-9 02:17 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
49
|
8.8 |
HIGH
Network
|
mbs-solutions
|
universal_gateway_firmware
|
A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
Update
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-35084
|
2026-06-9 02:17 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
50
|
9.3 |
CRITICAL
Network
|
-
|
-
|
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish …
New
|
CWE-287
Improper Authentication
|
CVE-2026-50751
|
2026-06-9 02:16 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
