| 941 | 6.5 | MEDIUM | Network | google | chrome | Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) | CWE-346 (Origin Validation Error) | CVE-2026-12024 | 2026-06-13 09:27 | 2026-06-12 |
| 942 | 9.6 | CRITICAL | Network | google | chrome | Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craf… | CWE-250 (Execution with Unnecessary Privileges), CWE-693 (Protection Mechanism Failure) | CVE-2026-12027 | 2026-06-13 09:26 | 2026-06-12 |
| 943 | - | - | - | - | - | Rejected reason: CVE ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-53826. Reason: This candidate is a duplicate of CVE-2025-53826. Notes: All CVE users should reference CVE-2025… | - | CVE-2026-54095 | 2026-06-13 07:16 | 2026-06-13 |
| 944 | - | - | - | - | - | Rejected reason: This candidate was issued in error. | - | CVE-2020-2521 | 2026-06-13 07:16 | 2026-06-13 |
| 945 | 5.5 | MEDIUM | Local | mongodb | mongodb | The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text. | CWE-532 (Inclusion of Sensitive Information in Log Files) | CVE-2026-9751 | 2026-06-13 05:43 | 2026-06-10 |
| 946 | 7.5 | HIGH | Network | vmware | spring_security | An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates … | CWE-400 (Uncontrolled Resource Consumption) | CVE-2026-40988 | 2026-06-13 05:38 | 2026-06-10 |
| 947 | 5.4 | MEDIUM | Network | vmware | spring_security | An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 throug… | CWE-79 (Cross-site Scripting) | CVE-2026-41003 | 2026-06-13 05:30 | 2026-06-10 |
| 948 | 5.3 | MEDIUM | Network | vmware | spring_security | Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloa… | CWE-347 (Improper Verification of Cryptographic Signature) | CVE-2026-41694 | 2026-06-13 05:28 | 2026-06-10 |
| 949 | 9.8 | CRITICAL | Network | qnap | qts | QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later | NVD-CWE-noinfo | CVE-2025-66276 | 2026-06-13 05:25 | 2026-06-10 |
| 950 | 6.5 | MEDIUM | Network | qnap | qts, quts_hero | A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read… | CWE-22 (Path Traversal) | CVE-2026-24717 | 2026-06-13 05:21 | 2026-06-10 |