|
1521
|
5.3 |
MEDIUM
Network
|
-
|
-
|
Insufficient validation of untrusted input in IndexedDB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a c…
|
CWE-20
Improper Input Validation
|
CVE-2026-11246
|
2026-06-6 00:02 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1522
|
3.1 |
LOW
Network
|
-
|
-
|
Insufficient policy enforcement in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severi…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-11247
|
2026-06-6 00:02 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1523
|
8.8 |
HIGH
Network
|
-
|
-
|
Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: L…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-11248
|
2026-06-6 00:02 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1524
|
4.7 |
MEDIUM
Network
|
-
|
-
|
Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory vi…
|
CWE-416
Use After Free
|
CVE-2026-11249
|
2026-06-6 00:02 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1525
|
- |
|
-
|
-
|
In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.
|
CWE-1287
Improper Validation of Specified Type of Input
|
CVE-2024-6858
|
2026-06-6 00:02 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1526
|
5.9 |
MEDIUM
Network
|
-
|
-
|
On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to by…
|
CWE-287
Improper Authentication
|
CVE-2023-5502
|
2026-06-6 00:02 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1527
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the swi…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-27890
|
2026-06-6 00:02 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1528
|
5.3 |
MEDIUM
Network
|
-
|
-
|
On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgo…
|
CWE-284
Improper Access Control
|
CVE-2024-27891
|
2026-06-6 00:02 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1529
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the swi…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2024-27892
|
2026-06-6 00:02 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1530
|
7.5 |
HIGH
Network
|
-
|
-
|
On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, a…
|
CWE-1286
Improper Validation of Syntactic Correctness of Input
|
CVE-2025-8873
|
2026-06-6 00:02 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
