|
2181
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in GPU in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-200
Information Exposure
|
CVE-2026-11203
|
2026-06-6 10:36 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2182
|
6.5 |
MEDIUM
Network
|
gkostka
|
lwext4
|
An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 files…
|
CWE-125
Out-of-bounds Read
|
CVE-2025-70101
|
2026-06-6 06:10 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2183
|
5.5 |
MEDIUM
Local
|
gkostka
|
lwext4
|
A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 fi…
|
CWE-369
Divide By Zero
|
CVE-2025-70100
|
2026-06-6 06:09 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2184
|
9.8 |
CRITICAL
Network
|
freedesktop
|
libinput
|
In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution
|
CWE-93
CRLF Injection
|
CVE-2026-50292
|
2026-06-6 06:06 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2185
|
9.1 |
CRITICAL
Network
|
netty
|
netty-incubator-codec-ohttp
|
The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriving native memory addresses…
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2026-48040
|
2026-06-6 06:04 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2186
|
5.3 |
MEDIUM
Network
|
netty
|
netty-incubator-codec-ohttp
|
The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zeros and has no way to distin…
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2026-41207
|
2026-06-6 06:01 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2187
|
- |
|
-
|
-
|
A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network a…
|
CWE-22
CWE-798
Path Traversal
Use of Hard-coded Credentials
|
CVE-2026-11414
|
2026-06-6 05:49 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2188
|
- |
|
-
|
-
|
A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authen…
|
CWE-22
CWE-434
Path Traversal
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-11419
|
2026-06-6 05:49 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2189
|
- |
|
-
|
-
|
Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on…
|
CWE-22
CWE-306
Path Traversal
Missing Authentication for Critical Function
|
CVE-2026-11420
|
2026-06-6 05:49 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2190
|
8.0 |
HIGH
Network
|
-
|
-
|
An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges t…
|
CWE-426
Untrusted Search Path
|
CVE-2026-11400
|
2026-06-6 05:49 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
