|
11
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox vi…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-11235
|
2026-06-10 03:44 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
12
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via…
Update
|
CWE-602
Client-Side Enforcement of Server-Side Security
|
CVE-2026-11236
|
2026-06-10 03:42 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
13
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTM…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-11237
|
2026-06-10 03:41 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
14
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
Update
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-11268
|
2026-06-10 03:38 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
15
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform p…
Update
|
CWE-20
Improper Input Validation
|
CVE-2026-11272
|
2026-06-10 03:34 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
16
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security se…
Update
|
CWE-284
Improper Access Control
|
CVE-2026-11274
|
2026-06-10 03:32 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
17
|
9.3 |
CRITICAL
Network
|
checkpoint
|
gaia_os
gaia_embedded
|
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish …
New
|
CWE-287
Improper Authentication
|
CVE-2026-50751
|
2026-06-10 03:30 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
18
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium se…
Update
|
CWE-284
Improper Access Control
|
CVE-2026-11277
|
2026-06-10 03:26 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
19
|
5.8 |
MEDIUM
Network
|
-
|
-
|
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is …
Update
|
CWE-1023
Incomplete Comparison with Missing Factors
|
CVE-2026-7473
|
2026-06-10 03:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
20
|
8.8 |
HIGH
Network
|
-
|
-
|
The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited(), which concatenates the values directly into a tid I…
New
|
CWE-89
SQL Injection
|
CVE-2026-50636
|
2026-06-10 03:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
