|
1721
|
- |
|
-
|
-
|
Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Du…
|
CWE-79
Cross-site Scripting
|
CVE-2026-47901
|
2026-06-9 23:47 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1722
|
- |
|
-
|
-
|
Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory ex…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-49762
|
2026-06-9 23:47 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1723
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection.
This issue affects E-İmar: from 2.10.1.0 befor…
|
CWE-89
SQL Injection
|
CVE-2026-7486
|
2026-06-9 23:47 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1724
|
- |
|
-
|
-
|
Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name (e.g. `git`, `pandoc`, `grep`), the argument string is concaten…
|
CWE-78
OS Command
|
CVE-2026-9279
|
2026-06-9 23:47 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1725
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
|
CWE-416
Use After Free
|
CVE-2026-11630
|
2026-06-9 23:47 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1726
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
|
CWE-416
Use After Free
|
CVE-2026-11631
|
2026-06-9 23:45 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1727
|
3.3 |
LOW
Network
|
-
|
-
|
A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precis…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-11792
|
2026-06-9 23:42 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1728
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-416
Use After Free
|
CVE-2026-11165
|
2026-06-9 23:24 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1729
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the head…
|
CWE-170
CWE-787
Improper Null Termination
Out-of-bounds Write
|
CVE-2026-5067
|
2026-06-9 23:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1730
|
- |
|
-
|
-
|
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/core: disallow non-power of two min_region_sz on damon_start()
Commit d8f867fa0825 ("mm/damon: add damon_ctx->min_sz_reg…
|
-
|
CVE-2026-52905
|
2026-06-9 23:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
