|
161
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions v…
New
|
CWE-20
CWE-602
Improper Input Validation
Client-Side Enforcement of Server-Side Security
|
CVE-2026-11287
|
2026-06-9 01:31 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
162
|
5.3 |
MEDIUM
Network
|
cosimo
|
net\
|
Net::Statsd versions before 0.13 for Perl allow metric injections.
The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional st…
Update
|
CWE-93
CRLF Injection
|
CVE-2026-46739
|
2026-06-9 01:31 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
163
|
7.5 |
HIGH
Network
|
oalders
|
html\
|
HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities.
The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV retu…
Update
|
CWE-416
Use After Free
|
CVE-2026-8829
|
2026-06-9 01:29 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
164
|
5.0 |
MEDIUM
Local
|
google
|
chrome
|
Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. (Ch…
New
|
CWE-472
CWE-190
External Control of Assumed-Immutable Web Parameter
Integer Overflow or Wraparound
|
CVE-2026-11281
|
2026-06-9 01:27 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
165
|
- |
|
-
|
-
|
Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted.
This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67.
New
|
CWE-416
Use After Free
|
CVE-2026-48913
|
2026-06-9 01:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
166
|
- |
|
-
|
-
|
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attac…
New
|
CWE-328
Use of Weak Hash
|
CVE-2026-48488
|
2026-06-9 01:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
167
|
8.8 |
HIGH
Network
|
-
|
-
|
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically del…
New
|
CWE-285
CWE-613
Improper Authorization
Insufficient Session Expiration
|
CVE-2026-46656
|
2026-06-9 01:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
168
|
- |
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This…
New
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-46478
|
2026-06-9 01:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
169
|
- |
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. Thi…
New
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-46477
|
2026-06-9 01:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
170
|
- |
|
-
|
-
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeo…
New
|
CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-46476
|
2026-06-9 01:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
