|
2241
|
- |
|
-
|
-
|
Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storag…
|
CWE-862
Missing Authorization
|
CVE-2026-47352
|
2026-06-9 22:46 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2242
|
- |
|
-
|
-
|
The path allowance check in GeneralUtility::isAllowedAbsPath() performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/sec…
|
CWE-22
Path Traversal
|
CVE-2026-49738
|
2026-06-9 22:46 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2243
|
- |
|
-
|
-
|
TYPO3's cache frontend (VariableFrontend) and persistent key-value store (Registry) deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the …
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-49740
|
2026-06-9 22:46 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2244
|
- |
|
-
|
-
|
Backend users with write access to the form_definition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persisten…
|
CWE-89
CWE-862
SQL Injection
Missing Authorization
|
CVE-2026-49741
|
2026-06-9 22:46 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2245
|
- |
|
-
|
-
|
Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer (FAL) via the Media Module. Since the fallback storage resolves paths …
|
CWE-22
CWE-200
Path Traversal
Information Exposure
|
CVE-2026-49742
|
2026-06-9 22:46 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2246
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted H…
|
CWE-269
Improper Privilege Management
|
CVE-2026-11296
|
2026-06-9 22:45 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2247
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severi…
|
CWE-346
Origin Validation Error
|
CVE-2026-11298
|
2026-06-9 22:44 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2248
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security…
|
CWE-125
CWE-190
Out-of-bounds Read
Integer Overflow or Wraparound
|
CVE-2026-11299
|
2026-06-9 22:43 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2249
|
6.3 |
MEDIUM
Local
|
-
|
-
|
Permission management vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect service integrity.
|
CWE-701
Weaknesses Introduced During Design
|
CVE-2026-41975
|
2026-06-9 22:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2250
|
4.4 |
MEDIUM
Local
|
-
|
-
|
Permission control vulnerability in the clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
|
CWE-275
Permission Issues
|
CVE-2026-41978
|
2026-06-9 22:34 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
