|
2871
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: M…
|
CWE-416
Use After Free
|
CVE-2026-11049
|
2026-06-6 10:37 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2872
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandb…
|
CWE-20
Improper Input Validation
|
CVE-2026-11046
|
2026-06-6 10:37 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2873
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Media in Google Chrome on Linux and ChromeOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via…
|
CWE-416
Use After Free
|
CVE-2026-11028
|
2026-06-6 10:37 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2874
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in USB in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-416
Use After Free
|
CVE-2026-11188
|
2026-06-6 10:36 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2875
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extens…
|
CWE-416
Use After Free
|
CVE-2026-11201
|
2026-06-6 10:36 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2876
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium secu…
|
CWE-20
Improper Input Validation
|
CVE-2026-11202
|
2026-06-6 10:36 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2877
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in GPU in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
|
CWE-200
Information Exposure
|
CVE-2026-11203
|
2026-06-6 10:36 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2878
|
6.5 |
MEDIUM
Network
|
gkostka
|
lwext4
|
An out-of-bounds read in the ext4_ext_binsearch_idx function in src/ext4_extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 files…
|
CWE-125
Out-of-bounds Read
|
CVE-2025-70101
|
2026-06-6 06:10 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2879
|
5.5 |
MEDIUM
Local
|
gkostka
|
lwext4
|
A divide-by-zero vulnerability in the ext4_block_set_lb_size function in src/ext4_blockdev.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by providing a malformed ext4 fi…
|
CWE-369
Divide By Zero
|
CVE-2025-70100
|
2026-06-6 06:09 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2880
|
9.8 |
CRITICAL
Network
|
freedesktop
|
libinput
|
In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution
|
CWE-93
CRLF Injection
|
CVE-2026-50292
|
2026-06-6 06:06 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
