|
1391
|
7.5 |
HIGH
Network
|
-
|
-
|
Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers …
|
CWE-22
Path Traversal
|
CVE-2026-50234
|
2026-06-9 04:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1392
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The applic…
|
CWE-78
OS Command
|
CVE-2026-46394
|
2026-06-9 04:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1393
|
- |
|
-
|
-
|
OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on eac…
|
CWE-772
CWE-775
Missing Release of Resource after Effective Lifetime
Missing Release of File Descriptor or Handle after Effective Lifetime
|
CVE-2026-45287
|
2026-06-9 04:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1394
|
4.3 |
MEDIUM
Network
|
-
|
-
|
IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, beca…
|
CWE-650
Trusting HTTP Permission Methods on the Server Side
|
CVE-2026-42543
|
2026-06-9 04:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1395
|
- |
|
-
|
-
|
Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may assign to FTP users. However…
|
CWE-863
Incorrect Authorization
|
CVE-2026-41235
|
2026-06-9 04:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1396
|
7.8 |
HIGH
Local
|
-
|
-
|
A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-36574
|
2026-06-9 04:16 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1397
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape …
|
CWE-20
Improper Input Validation
|
CVE-2026-11113
|
2026-06-9 04:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1398
|
7.4 |
HIGH
Network
|
google
|
chrome
|
Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-10973
|
2026-06-9 04:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1399
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-10972
|
2026-06-9 04:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1400
|
7.4 |
HIGH
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via …
|
CWE-20
Improper Input Validation
|
CVE-2026-10968
|
2026-06-9 04:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
