|
4261
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-11292
|
2026-06-9 22:54 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4262
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)
|
CWE-416
Use After Free
|
CVE-2026-11293
|
2026-06-9 22:53 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4263
|
7.6 |
HIGH
Adjacent
|
-
|
-
|
A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation (via chan_ops.alloc_buf…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-5068
|
2026-06-9 22:53 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4264
|
6.0 |
MEDIUM
Local
|
-
|
-
|
Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially e…
|
CWE-59
Link Following
|
CVE-2026-28262
|
2026-06-9 22:53 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4265
|
4.8 |
MEDIUM
Network
|
-
|
-
|
QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG f…
|
CWE-79
Cross-site Scripting
|
CVE-2026-25558
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4266
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an e…
|
CWE-305
Authentication Bypass by Primary Weakness
|
CVE-2026-25555
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4267
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by …
|
CWE-22
Path Traversal
|
CVE-2026-25559
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4268
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat.ps1.sh) through the File…
|
CWE-78
OS Command
|
CVE-2026-25855
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4269
|
8.8 |
HIGH
Network
|
-
|
-
|
OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by creating or modifyin…
|
CWE-94
Code Injection
|
CVE-2026-25856
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4270
|
6.5 |
MEDIUM
Network
|
-
|
-
|
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy sour…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2026-39908
|
2026-06-9 22:51 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
