|
1351
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HT…
|
CWE-20
CWE-451
Improper Input Validation
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-11286
|
2026-06-10 00:42 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1352
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Lo…
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-11285
|
2026-06-10 00:37 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1353
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: L…
|
CWE-1300
CWE-203
Improper Protection of Physical Side Channels
Information Exposure Through Discrepancy
|
CVE-2026-11284
|
2026-06-10 00:27 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1354
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-11282
|
2026-06-10 00:26 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1355
|
- |
|
-
|
-
|
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attac…
|
CWE-328
Use of Weak Hash
|
CVE-2026-48488
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1356
|
5.5 |
MEDIUM
Local
|
-
|
-
|
fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2026-45581
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1357
|
8.3 |
HIGH
Network
|
-
|
-
|
OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST …
|
CWE-201
Insertion of Sensitive Information Into Sent Data
|
CVE-2026-46481
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1358
|
- |
|
-
|
-
|
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerabili…
|
CWE-22
Path Traversal
|
CVE-2026-46486
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1359
|
8.1 |
HIGH
Network
|
-
|
-
|
Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by…
|
CWE-22
CWE-285
Path Traversal
Improper Authorization
|
CVE-2026-46484
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1360
|
- |
|
-
|
-
|
Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue h…
|
CWE-79
Cross-site Scripting
|
CVE-2026-44541
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
