|
2781
|
8.8 |
HIGH
Network
|
microsoft
|
copilot
|
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.
|
CWE-77
Command Injection
|
CVE-2026-45497
|
2026-06-8 22:55 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2782
|
6.5 |
MEDIUM
Network
|
misp
|
misp
|
A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in the delete condition, the e…
|
CWE-863
Incorrect Authorization
|
CVE-2026-10860
|
2026-06-8 22:54 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2783
|
7.5 |
HIGH
Network
|
microsoft
|
copilot
|
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
|
CWE-77
Command Injection
|
CVE-2026-42824
|
2026-06-8 22:52 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2784
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted H…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11027
|
2026-06-8 22:45 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2785
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Medium)
|
CWE-416
Use After Free
|
CVE-2026-11030
|
2026-06-8 22:44 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2786
|
8.8 |
HIGH
Network
|
7-zip
|
7-zip
|
7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer (GetCu…
|
CWE-190
CWE-787
Integer Overflow or Wraparound
Out-of-bounds Write
|
CVE-2026-48095
|
2026-06-8 22:40 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2787
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium securi…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11031
|
2026-06-8 22:40 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2788
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medi…
|
CWE-346
Origin Validation Error
|
CVE-2026-11032
|
2026-06-8 22:39 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2789
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Uninitialized Use in WebML in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium …
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-11033
|
2026-06-8 22:39 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2790
|
6.1 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Tab Group Sync in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via malicious netw…
|
CWE-20
Improper Input Validation
|
CVE-2026-11034
|
2026-06-8 22:38 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
