|
3661
|
8.2 |
HIGH
Network
|
-
|
-
|
RVF (formerly Remix Validated Form) provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get (used by @rvf/core to flatten incoming …
|
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
|
CVE-2026-44483
|
2026-06-2 03:31 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3662
|
7.5 |
HIGH
Network
|
-
|
-
|
Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters (., [, ], *, **, ?). When attacker-controlle…
|
CWE-22
CWE-89
CWE-915
CWE-1284
Path Traversal
SQL Injection
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Improper Validation of Specified Quantity in Input
|
CVE-2026-44635
|
2026-06-2 03:31 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3663
|
8.4 |
HIGH
Network
|
-
|
-
|
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Autho…
|
CWE-863
Incorrect Authorization
|
CVE-2026-45108
|
2026-06-2 03:31 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3664
|
7.8 |
HIGH
Local
|
-
|
-
|
uniget is a universal installer and updater for (container) tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files u…
|
CWE-78
OS Command
|
CVE-2026-45152
|
2026-06-2 03:31 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3665
|
3.1 |
LOW
Network
|
google
|
chrome
|
Uninitialized Use in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium sec…
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-9944
|
2026-06-2 03:31 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3666
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Views in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML p…
|
CWE-416
Use After Free
|
CVE-2026-9948
|
2026-06-2 03:31 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3667
|
3.1 |
LOW
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-9950
|
2026-06-2 03:30 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3668
|
9.8 |
CRITICAL
Network
|
apache
|
solr
|
Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 allows a remote attacker to gain full administrative access…
|
CWE-798
CWE-1188
Use of Hard-coded Credentials
Insecure Default Initialization of Resource
|
CVE-2026-44825
|
2026-06-2 03:30 |
2026-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3669
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secur…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-9953
|
2026-06-2 03:30 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3670
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in TabStrip in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a craft…
|
CWE-416
Use After Free
|
CVE-2026-9954
|
2026-06-2 03:29 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
