|
851
|
- |
|
-
|
-
|
Origin Validation Error vulnerability in ninenines gun (gun_http2 module) allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority.
In gun_http2:push_promise_frame/7, the :…
New
|
CWE-346
Origin Validation Error
|
CVE-2026-43972
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
852
|
- |
|
-
|
-
|
Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering.
In gun_http:handle/5,…
New
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-43973
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
853
|
- |
|
-
|
-
|
Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Prot…
New
|
CWE-841
Improper Enforcement of Behavioral Workflow
|
CVE-2026-43974
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
854
|
- |
|
-
|
-
|
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb respo…
New
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-49755
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
855
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata.
Req.Utils.encode_form_part/2 …
New
|
CWE-93
CRLF Injection
|
CVE-2026-49756
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
856
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields…
New
|
CWE-113
HTTP Response Splitting
|
CVE-2026-43966
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
857
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
New
|
CWE-843
Type Confusion
|
CVE-2026-11662
|
2026-06-9 23:58 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
858
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
New
|
CWE-416
Use After Free
|
CVE-2026-11663
|
2026-06-9 23:58 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
859
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Payments in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
New
|
CWE-416
Use After Free
|
CVE-2026-11664
|
2026-06-9 23:58 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
860
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Out of bounds read in Dawn in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
New
|
CWE-125
Out-of-bounds Read
|
CVE-2026-11665
|
2026-06-9 23:58 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
