|
2381
|
6.0 |
MEDIUM
Network
|
arista
|
ng_firewall
|
An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators c…
|
CWE-78
OS Command
|
CVE-2026-25623
|
2026-06-9 04:10 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2382
|
4.8 |
MEDIUM
Network
|
arista
|
ng_firewall
|
An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated use…
|
CWE-79
Cross-site Scripting
|
CVE-2026-25624
|
2026-06-9 04:08 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2383
|
7.4 |
HIGH
Network
|
asynchttpclient_project
|
async-http-client
|
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch pri…
|
CWE-200
Information Exposure
|
CVE-2026-45300
|
2026-06-9 03:37 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2384
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a cr…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11022
|
2026-06-9 03:37 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2385
|
7.8 |
HIGH
Local
|
x.org
redhat
|
x_server
xwayland
enterprise_linux
|
A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function Ch…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-50259
|
2026-06-9 03:28 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2386
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted…
|
CWE-284
Improper Access Control
|
CVE-2026-11017
|
2026-06-9 03:17 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2387
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medi…
|
CWE-602
Client-Side Enforcement of Server-Side Security
|
CVE-2026-11018
|
2026-06-9 03:17 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2388
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform domain spoofing via a crafted…
|
CWE-290
CWE-451
Authentication Bypass by Spoofing
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-11019
|
2026-06-9 03:17 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2389
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. (Chromium security severity: Medium)
|
CWE-346
CWE-352
Origin Validation Error
Origin Validation Error
|
CVE-2026-11020
|
2026-06-9 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2390
|
7.2 |
HIGH
Network
|
-
|
-
|
Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attack…
|
CWE-79
Cross-site Scripting
|
CVE-2026-50232
|
2026-06-9 03:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
