|
931
|
7.5 |
HIGH
Network
|
oalders
|
html\
|
HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities.
The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV retu…
Update
|
CWE-416
Use After Free
|
CVE-2026-8829
|
2026-06-9 01:29 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
932
|
5.0 |
MEDIUM
Local
|
google
|
chrome
|
Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. (Ch…
Update
|
CWE-472
CWE-190
External Control of Assumed-Immutable Web Parameter
Integer Overflow or Wraparound
|
CVE-2026-11281
|
2026-06-9 01:27 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
933
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths
Vulnerabilities leading to Use-After-Free (UAF) and Nul…
New
|
-
|
CVE-2026-46275
|
2026-06-9 01:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
934
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
io-wq: check that the predecessor is hashed in io_wq_remove_pending()
io_wq_remove_pending() needs to fix up wq->hash_tail[] if t…
New
|
-
|
CVE-2026-46274
|
2026-06-9 01:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
935
|
5.4 |
MEDIUM
Network
|
-
|
-
|
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assi…
Update
|
CWE-863
Incorrect Authorization
|
CVE-2026-42547
|
2026-06-9 01:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
936
|
4.7 |
MEDIUM
Network
|
-
|
-
|
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redir…
Update
|
CWE-602
Client-Side Enforcement of Server-Side Security
|
CVE-2026-42329
|
2026-06-9 01:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
937
|
8.8 |
HIGH
Network
|
-
|
-
|
Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning cod…
Update
|
CWE-59
Link Following
|
CVE-2026-41236
|
2026-06-9 01:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
938
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-11450
|
2026-06-9 01:16 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
939
|
4.7 |
MEDIUM
Network
|
-
|
-
|
A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument ku…
New
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-11448
|
2026-06-9 01:16 |
2026-06-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
940
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Enterprise Reporting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a …
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-11120
|
2026-06-9 01:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
