|
671
|
7.1 |
HIGH
Adjacent
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension …
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-8874
|
2026-06-6 05:47 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
672
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no …
|
NVD-CWE-noinfo
|
CVE-2026-8881
|
2026-06-6 05:46 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
673
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. A…
|
CWE-917
CWE-1333
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Inefficient Regular Expression Complexity
|
CVE-2026-8888
|
2026-06-6 05:46 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
674
|
7.5 |
HIGH
Network
|
securly
|
securly
|
Version 3.0.7 of the Securly Chrome Extension uses deprecated SHA-1 hashing for IWF CSAM URL matching (25,020 hashes) and CIPA blocklist matching (12,352 hashes).
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-8889
|
2026-06-6 05:46 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
675
|
8.2 |
HIGH
Network
|
mosaic5g
|
flexric
|
FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xapp_ids by sending multiple E42_SETUP_REQUESTs. On disconnect, only the first registered xapp_id's resources are cleaned up; subsequen…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-37234
|
2026-06-6 05:42 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
676
|
7.8 |
HIGH
Local
|
trustedfirmware
|
op-tee
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior …
|
CWE-416
Use After Free
|
CVE-2026-40290
|
2026-06-6 05:20 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
677
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of the `<video-p…
|
CWE-79
CWE-116
Cross-site Scripting
Improper Encoding or Escaping of Output
|
CVE-2026-46496
|
2026-06-6 05:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
678
|
- |
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the `hmacBase64()` function in the HAXcms Node.js backend contains two critical cryptographic implementat…
|
CWE-200
CWE-321
CWE-327
Information Exposure
Use of Hard-coded Cryptographic Key
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2026-46395
|
2026-06-6 05:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
679
|
8.7 |
HIGH
Network
|
-
|
-
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the file…
|
CWE-178
CWE-434
Improper Handling of Case Sensitivity
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-46392
|
2026-06-6 05:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
680
|
4.3 |
MEDIUM
Network
|
misp
|
misp
|
A visibility control issue in the event template creation workflow allowed non-site-admin users to access private galaxies belonging to other organisations. The event template builder loaded all enab…
|
CWE-200
Information Exposure
|
CVE-2026-10854
|
2026-06-6 04:51 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
