|
1421
|
- |
|
-
|
-
|
Logseq is vulnerable to a stored cross-site scripting (XSS). A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, which is rendered using "innerHTML" wi…
|
CWE-79
Cross-site Scripting
|
CVE-2026-47900
|
2026-06-9 23:47 |
2026-06-9 |
|
|
|
|
1422
|
- |
|
-
|
-
|
Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Du…
|
CWE-79
Cross-site Scripting
|
CVE-2026-47901
|
2026-06-9 23:47 |
2026-06-9 |
|
|
|
|
1423
|
- |
|
-
|
-
|
Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory ex…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-49762
|
2026-06-9 23:47 |
2026-06-9 |
|
|
|
|
1424
|
9.8 |
CRITICAL
Network
|
-
|
-
|
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection.
This issue affects E-İmar: from 2.10.1.0 befor…
|
CWE-89
SQL Injection
|
CVE-2026-7486
|
2026-06-9 23:47 |
2026-06-9 |
|
|
|
|
1425
|
- |
|
-
|
-
|
Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name (e.g. `git`, `pandoc`, `grep`), the argument string is concaten…
|
CWE-78
OS Command
|
CVE-2026-9279
|
2026-06-9 23:47 |
2026-06-9 |
|
|
|
|
1426
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)
|
CWE-416
Use After Free
|
CVE-2026-11630
|
2026-06-9 23:47 |
2026-06-9 |
|
|
|
|
1427
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…
|
CWE-416
Use After Free
|
CVE-2026-11631
|
2026-06-9 23:45 |
2026-06-9 |
|
|
|
|
1428
|
3.3 |
LOW
Network
|
-
|
-
|
A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precis…
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-11792
|
2026-06-9 23:42 |
2026-06-9 |
|
|
|
|
1429
|
4.9 |
MEDIUM
Network
|
-
|
-
|
A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-11793
|
2026-06-9 23:42 |
2026-06-9 |
|
|
|
|
1430
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-416
Use After Free
|
CVE-2026-11165
|
2026-06-9 23:24 |
2026-06-5 |
|
|
|