|
2051
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: C…
|
CWE-416
Use After Free
|
CVE-2026-11634
|
2026-06-10 01:56 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2052
|
8.3 |
HIGH
Network
|
google
|
chrome
|
Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…
|
CWE-416
Use After Free
|
CVE-2026-11635
|
2026-06-10 01:56 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2053
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption …
|
CWE-416
Use After Free
|
CVE-2026-11636
|
2026-06-10 01:50 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2054
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
|
CWE-416
Use After Free
|
CVE-2026-11637
|
2026-06-10 01:49 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2055
|
8.8 |
HIGH
Network
|
samlify_project
|
samlify
|
samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:Attribut…
|
CWE-91
Blind XPath Injection
|
CVE-2026-46490
|
2026-06-10 01:48 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2056
|
7.1 |
HIGH
Network
|
snipeitapp
|
snipe-it
|
Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the …
|
CWE-863
Incorrect Authorization
|
CVE-2026-48507
|
2026-06-10 01:41 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2057
|
9.8 |
CRITICAL
Network
|
apache
|
http_server
|
Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are recommended to upgrade to…
|
CWE-416
Use After Free
|
CVE-2026-29167
|
2026-06-10 01:29 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2058
|
6.1 |
MEDIUM
Network
|
apache
|
http_server
|
A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or revers…
|
CWE-79
Cross-site Scripting
|
CVE-2026-29170
|
2026-06-10 01:21 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2059
|
7.5 |
HIGH
Network
|
apache
|
http_server
|
A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend.
Users are recommended to upgrade to version 2.4.68, which fixes this issue.
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-34355
|
2026-06-10 01:20 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2060
|
8.8 |
HIGH
Network
|
dlink
|
dwr-m920_firmware
|
A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in …
|
CWE-74
CWE-77
Injection
Command Injection
|
CVE-2026-11339
|
2026-06-10 01:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
