|
2081
|
6.1 |
MEDIUM
Network
|
misp
|
misp
|
A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation …
|
CWE-601
Open Redirect
|
CVE-2026-10856
|
2026-06-8 22:59 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2082
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in WebAuthentication in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data vi…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-11263
|
2026-06-8 22:58 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2083
|
7.5 |
HIGH
Network
|
microsoft
|
copilot_chat
|
Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a netw…
|
CWE-74
Injection
|
CVE-2026-47644
|
2026-06-8 22:57 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2084
|
6.1 |
MEDIUM
Network
|
misp
|
misp
|
An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination w…
|
CWE-601
Open Redirect
|
CVE-2026-10861
|
2026-06-8 22:56 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2085
|
8.8 |
HIGH
Network
|
microsoft
|
copilot
|
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.
|
CWE-77
Command Injection
|
CVE-2026-45497
|
2026-06-8 22:55 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2086
|
6.5 |
MEDIUM
Network
|
misp
|
misp
|
A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in the delete condition, the e…
|
CWE-863
Incorrect Authorization
|
CVE-2026-10860
|
2026-06-8 22:54 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2087
|
7.5 |
HIGH
Network
|
microsoft
|
copilot
|
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
|
CWE-77
Command Injection
|
CVE-2026-42824
|
2026-06-8 22:52 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2088
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted H…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11027
|
2026-06-8 22:45 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2089
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Medium)
|
CWE-416
Use After Free
|
CVE-2026-11030
|
2026-06-8 22:44 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2090
|
8.8 |
HIGH
Network
|
7-zip
|
7-zip
|
7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer (GetCu…
|
CWE-190
CWE-787
Integer Overflow or Wraparound
Out-of-bounds Write
|
CVE-2026-48095
|
2026-06-8 22:40 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
