| 501 | - | - | - | Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name (e.g. `git`, `pandoc`, `grep`), the argument string is concaten… (New) | CWE-78 OS Command | CVE-2026-9279 | 2026-06-9 23:47 | 2026-06-9 |
| 502 | 8.8 HIGH Network | google | chrome | Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (New) | CWE-416 Use After Free | CVE-2026-11630 | 2026-06-9 23:47 | 2026-06-9 |
| 503 | 8.3 HIGH Network | google | chrome | Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM… (New) | CWE-416 Use After Free | CVE-2026-11631 | 2026-06-9 23:45 | 2026-06-9 |
| 504 | 4.3 MEDIUM Network | - | - | A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated user… (New) | CWE-843 Type Confusion | CVE-2026-11785 | 2026-06-9 23:42 | 2026-06-9 |
| 505 | 1.9 LOW Local | - | - | A flaw was found in 389 Directory Server. The LDIF parser reads past the end of a heap buffer when processing attribute types with trailing semicolons during database import, causing an out-of-bounds… (New) | CWE-125 Out-of-bounds Read | CVE-2026-11786 | 2026-06-9 23:42 | 2026-06-9 |
| 506 | 5.0 MEDIUM Network | - | - | A flaw was found in 389 Directory Server. The ldap_utf8prev() function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that … (New) | CWE-126 Buffer Over-read | CVE-2026-11787 | 2026-06-9 23:42 | 2026-06-9 |
| 507 | 5.9 MEDIUM Network | - | - | A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the L… (New) | CWE-476 NULL Pointer Dereference | CVE-2026-11788 | 2026-06-9 23:42 | 2026-06-9 |
| 508 | 4.9 MEDIUM Network | - | - | A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a… (New) | CWE-191 Integer Underflow (Wrap or Wraparound) | CVE-2026-11789 | 2026-06-9 23:42 | 2026-06-9 |
| 509 | 4.9 MEDIUM Network | - | - | A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker… (New) | CWE-400 Uncontrolled Resource Consumption | CVE-2026-11790 | 2026-06-9 23:42 | 2026-06-9 |
| 510 | 3.3 LOW Network | - | - | A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precis… (New) | CWE-122 Heap-based Buffer Overflow | CVE-2026-11792 | 2026-06-9 23:42 | 2026-06-9 |