|
531
|
6.1 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Tab Group Sync in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via malicious netw…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-11034
|
2026-06-8 22:38 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
532
|
6.1 |
MEDIUM
Network
|
cisco
|
webex_meetings
|
A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2026-20233
|
2026-06-8 22:36 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
533
|
8.1 |
HIGH
Network
|
misp
|
misp
|
A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-10863
|
2026-06-8 22:35 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
534
|
7.3 |
HIGH
Local
|
google
|
chrome
|
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a crafted XML file. (Chromium security seve…
Update
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11035
|
2026-06-8 22:34 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
535
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
Update
|
CWE-346
Origin Validation Error
|
CVE-2026-11036
|
2026-06-8 22:34 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
536
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
Update
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-11039
|
2026-06-8 22:31 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
537
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sand…
Update
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11041
|
2026-06-8 22:31 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
538
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Out of bounds write in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…
Update
|
CWE-787
Out-of-bounds Write
|
CVE-2026-11043
|
2026-06-8 22:29 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
539
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Integer overflow in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from proces…
Update
|
CWE-190
CWE-125
CWE-787
Integer Overflow or Wraparound
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2026-10999
|
2026-06-8 22:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
540
|
9.1 |
CRITICAL
Network
|
apache
|
fory
|
Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChec…
Update
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-50076
|
2026-06-8 22:00 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
