|
921
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-472
External Control of Assumed-Immutable Web Parameter
|
CVE-2026-10015
|
2026-06-2 00:26 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
922
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (C…
Update
|
CWE-416
Use After Free
|
CVE-2026-10003
|
2026-06-2 00:25 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
923
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Update
|
CWE-416
Use After Free
|
CVE-2026-10007
|
2026-06-2 00:17 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
924
|
5.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was discovered on Stormshield Network Security
* 4.3.0 to 4.3.41,
* 4.8.0 to 4.8.15,
* 5.0.0 to 5.0.5
It is possible to execute a reflected XSS attack on the …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-8474
|
2026-06-2 00:17 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
925
|
5.3 |
MEDIUM
Network
|
apache
|
fesod
|
Server-Side Request Forgery (SSRF) in the UrlImageConverter component of Apache Fesod (Incubating) fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal …
New
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-49328
|
2026-06-2 00:16 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
926
|
- |
|
-
|
-
|
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can dereference a null substream pointer when a substream is in reopen state. The code fi…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-45151
|
2026-06-2 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
927
|
6.3 |
MEDIUM
Network
|
-
|
-
|
FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, the JavaScript sandbox worker at projects/code-sandbox/src/pool/worker.ts:356 blocks dynamic import() with the regex /\bimport\s*\(/.t…
Update
|
CWE-94
CWE-184
Code Injection
Incomplete Blacklist
|
CVE-2026-44287
|
2026-06-2 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
928
|
7.5 |
HIGH
Network
|
-
|
-
|
xiaomusic v0.5.7 contains an unauthenticated path traversal vulnerability in the GET /music/{file_path:path} endpoint that allows unauthenticated attackers to read arbitrary files outside the intende…
Update
|
CWE-22
Path Traversal
|
CVE-2026-10108
|
2026-06-2 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
929
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file /index.php. Performing a manipulation of the argument roll results in…
Update
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10110
|
2026-06-2 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
930
|
7.3 |
HIGH
Network
|
-
|
-
|
A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page. Executing a manipulation of the argument email can lead to sql injectio…
Update
|
CWE-74
CWE-89
Injection
SQL Injection
|
CVE-2026-10111
|
2026-06-2 00:16 |
2026-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
