|
1361
|
5.6 |
MEDIUM
Network
|
-
|
-
|
Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connecti…
New
|
CWE-299
Improper Check for Certificate Revocation
|
CVE-2026-6899
|
2026-06-10 00:25 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1362
|
- |
|
-
|
-
|
Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously …
Update
|
CWE-755
Improper Handling of Exceptional Conditions
|
CVE-2026-49232
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1363
|
- |
|
-
|
-
|
Origin Validation Error vulnerability in ninenines gun (gun_http2 module) allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority.
In gun_http2:push_promise_frame/7, the :…
Update
|
CWE-346
Origin Validation Error
|
CVE-2026-43972
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1364
|
- |
|
-
|
-
|
Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering.
In gun_http:handle/5,…
Update
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-43973
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1365
|
- |
|
-
|
-
|
Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Prot…
Update
|
CWE-841
Improper Enforcement of Behavioral Workflow
|
CVE-2026-43974
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1366
|
- |
|
-
|
-
|
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb respo…
Update
|
CWE-409
Improper Handling of Highly Compressed Data (Data Amplification)
|
CVE-2026-49755
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1367
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata.
Req.Utils.encode_form_part/2 …
Update
|
CWE-93
CRLF Injection
|
CVE-2026-49756
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1368
|
- |
|
-
|
-
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields…
Update
|
CWE-113
HTTP Response Splitting
|
CVE-2026-43966
|
2026-06-10 00:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1369
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-843
Type Confusion
|
CVE-2026-11662
|
2026-06-9 23:58 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1370
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…
|
CWE-416
Use After Free
|
CVE-2026-11663
|
2026-06-9 23:58 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
