|
1641
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a cra…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11658
|
2026-06-11 03:30 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1642
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page…
|
CWE-20
Improper Input Validation
|
CVE-2026-11653
|
2026-06-11 03:29 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1643
|
5.5 |
MEDIUM
Local
|
cilium
|
ebpf
|
A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipul…
|
CWE-189
CWE-190
Numeric Errors
Integer Overflow or Wraparound
|
CVE-2026-10722
|
2026-06-11 03:28 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1644
|
7.8 |
HIGH
Local
|
synology
|
active_backup_for_business_recovery_media_creator
|
An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users t…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2022-49036
|
2026-06-11 03:20 |
2026-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1645
|
5.3 |
MEDIUM
Local
|
lmsys
|
sglang
|
A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service.…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2026-10775
|
2026-06-11 03:19 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1646
|
- |
|
-
|
-
|
An OS
command injection vulnerability exists in the VPN module of TP-Link Archer AX12
v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an
adjacent, authenticated attacker to e…
|
CWE-78
OS Command
|
CVE-2026-9151
|
2026-06-11 03:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1647
|
2.7 |
LOW
Network
|
-
|
-
|
A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This…
|
CWE-1220
Insufficient Granularity of Access Control
|
CVE-2026-9088
|
2026-06-11 03:17 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1648
|
8.5 |
HIGH
Network
|
-
|
-
|
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety val…
|
CWE-269
CWE-732
Improper Privilege Management
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-50570
|
2026-06-11 03:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1649
|
4.3 |
MEDIUM
Network
|
-
|
-
|
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate() valid…
|
CWE-20
Improper Input Validation
|
CVE-2026-50569
|
2026-06-11 03:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1650
|
3.6 |
LOW
Local
|
-
|
-
|
Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/ut…
|
CWE-41
Improper Resolution of Path Equivalence
|
CVE-2026-50568
|
2026-06-11 03:17 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
