|
421
|
9.9 |
CRITICAL
Network
|
-
|
-
|
An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts…
New
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-10523
|
2026-06-10 01:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
422
|
10.0 |
CRITICAL
Network
|
-
|
-
|
An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
New
|
CWE-78
OS Command
|
CVE-2026-10520
|
2026-06-10 01:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
423
|
6.7 |
MEDIUM
Local
|
-
|
-
|
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.…
New
|
CWE-1244
Internal Asset Exposed to Unsafe Debug Access Level or State
|
CVE-2025-67862
|
2026-06-10 01:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
424
|
9.1 |
CRITICAL
Network
|
-
|
-
|
Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks.
Catalyst::Plugin::Authentication does not automatically change the session id after aut…
New
|
CWE-384
Session Fixation
|
CVE-2009-10007
|
2026-06-10 01:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
425
|
9.1 |
CRITICAL
Network
|
apache
|
http_server
|
A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes.
User…
New
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-42535
|
2026-06-10 01:00 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
426
|
7.5 |
HIGH
Network
|
apache
|
http_server
|
Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content
This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.
Users are re…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-42536
|
2026-06-10 00:55 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
427
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HT…
Update
|
CWE-20
CWE-451
Improper Input Validation
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-11286
|
2026-06-10 00:42 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
428
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Lo…
Update
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-11285
|
2026-06-10 00:37 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
429
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: L…
Update
|
CWE-1300
CWE-203
Improper Protection of Physical Side Channels
Information Exposure Through Discrepancy
|
CVE-2026-11284
|
2026-06-10 00:27 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
430
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi…
Update
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-11282
|
2026-06-10 00:26 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
