|
861
|
- |
|
-
|
-
|
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator acce…
New
|
CWE-346
Origin Validation Error
|
CVE-2026-54069
|
2026-06-26 00:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
862
|
7.4 |
HIGH
Network
|
-
|
-
|
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.8.1, node:crypto.checkPrime(candidate[, options][, callback]) and crypto.checkPrimeSync(candidate[, options]) ran no Miller-Rabin…
New
|
CWE-325
Missing Required Cryptographic Step
|
CVE-2026-49440
|
2026-06-26 00:16 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
863
|
- |
|
-
|
-
|
Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys
New
|
CWE-339
Small Seed Space in PRNG
|
CVE-2026-2815
|
2026-06-26 00:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
864
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
New
|
CWE-89
SQL Injection
|
CVE-2025-61028
|
2026-06-26 00:16 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
865
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: High)
New
|
CWE-416
Use After Free
|
CVE-2026-13035
|
2026-06-26 00:14 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
866
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
New
|
CWE-416
Use After Free
|
CVE-2026-13036
|
2026-06-26 00:13 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
867
|
7.8 |
HIGH
Local
|
google
|
chrome
|
Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:…
New
|
CWE-416
Use After Free
|
CVE-2026-13037
|
2026-06-26 00:13 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
868
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
New
|
CWE-416
Use After Free
|
CVE-2026-13038
|
2026-06-26 00:12 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
869
|
8.8 |
HIGH
Network
|
cacti
|
cacti
|
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue ha…
New
|
CWE-89
SQL Injection
|
CVE-2026-39951
|
2026-06-26 00:09 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
870
|
6.1 |
MEDIUM
Network
|
cacti
|
cacti
|
Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has been fixed in version 1.2.3…
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-39897
|
2026-06-26 00:04 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
