|
1611
|
6.1 |
MEDIUM
Network
|
hcltech
|
digital_experience_compose
digital_experience
|
HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection. An attacker can manipulate the Host header and cause the application to behave in unexpected …
|
CWE-601
Open Redirect
|
CVE-2026-21826
|
2026-06-11 04:24 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1612
|
6.1 |
MEDIUM
Network
|
hcltech
|
digital_experience_compose
digital_experience
|
HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center. An attacker could execute arbitrary JavaScript in the victim's browser.
|
CWE-79
Cross-site Scripting
|
CVE-2026-21825
|
2026-06-11 04:24 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1613
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
|
CWE-125
Out-of-bounds Read
|
CVE-2026-11279
|
2026-06-11 04:22 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1614
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: …
|
CWE-346
Origin Validation Error
|
CVE-2026-11278
|
2026-06-11 04:19 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1615
|
- |
|
-
|
-
|
bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could cause the decompres…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-9669
|
2026-06-11 04:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1616
|
- |
|
-
|
-
|
An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation.
|
CWE-20
Improper Input Validation
|
CVE-2026-9211
|
2026-06-11 04:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1617
|
- |
|
-
|
-
|
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and fu…
|
CWE-20
Improper Input Validation
|
CVE-2026-9210
|
2026-06-11 04:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1618
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes).
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-8889
|
2026-06-11 04:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1619
|
- |
|
-
|
-
|
tarfile.data_filter could be bypassed using crafted link entries, including symlinks with empty or directory-like names, to redirect later archive members outside the intended extraction directory. T…
|
CWE-22
Path Traversal
|
CVE-2026-7774
|
2026-06-11 04:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1620
|
- |
|
-
|
-
|
Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests.
|
CWE-787
Out-of-bounds Write
|
CVE-2026-3088
|
2026-06-11 04:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
