|
3671
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
|
CWE-200
Information Exposure
|
CVE-2026-9955
|
2026-06-2 03:29 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3672
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-9958
|
2026-06-2 03:28 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3673
|
5.4 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2026-9971
|
2026-06-2 03:27 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3674
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Uninitialized Use in Gamepad in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H…
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-9972
|
2026-06-2 03:27 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3675
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-9982
|
2026-06-2 03:27 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3676
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in WebShare in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a …
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-9977
|
2026-06-2 03:26 |
2026-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3677
|
7.5 |
HIGH
Network
|
-
|
-
|
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When pr…
|
CWE-248
Uncaught Exception
|
CVE-2026-43988
|
2026-06-2 03:26 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3678
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This…
|
CWE-863
Incorrect Authorization
|
CVE-2026-45081
|
2026-06-2 03:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3679
|
7.5 |
HIGH
Network
|
-
|
-
|
bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-45047
|
2026-06-2 03:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3680
|
5.5 |
MEDIUM
Local
|
-
|
-
|
Gryph provides a security layer for AI coding agents. Prior to 0.7.0, Gryph implements logging levels that determine what content is logged to a local sqlite database. The README incorrectly mentions…
|
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
|
CVE-2026-45046
|
2026-06-2 03:26 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
