|
4061
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security se…
|
CWE-284
Improper Access Control
|
CVE-2026-11274
|
2026-06-10 03:32 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4062
|
9.3 |
CRITICAL
Network
|
checkpoint
|
gaia_os
gaia_embedded
|
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish …
|
CWE-287
Improper Authentication
|
CVE-2026-50751
|
2026-06-10 03:30 |
2026-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4063
|
4.3 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium se…
|
CWE-284
Improper Access Control
|
CVE-2026-11277
|
2026-06-10 03:26 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4064
|
5.8 |
MEDIUM
Network
|
-
|
-
|
On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is …
|
CWE-1023
Incomplete Comparison with Missing Factors
|
CVE-2026-7473
|
2026-06-10 03:17 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4065
|
8.8 |
HIGH
Network
|
-
|
-
|
The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited(), which concatenates the values directly into a tid I…
|
CWE-89
SQL Injection
|
CVE-2026-50636
|
2026-06-10 03:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4066
|
8.8 |
HIGH
Network
|
-
|
-
|
LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the d…
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2026-50635
|
2026-06-10 03:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4067
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoi…
|
CWE-862
Missing Authorization
|
CVE-2026-49956
|
2026-06-10 03:17 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4068
|
6.3 |
MEDIUM
Local
|
-
|
-
|
Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could p…
|
CWE-59
Link Following
|
CVE-2026-44275
|
2026-06-10 03:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4069
|
6.3 |
MEDIUM
Local
|
-
|
-
|
Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could p…
|
CWE-1386
Insecure Operation on Windows Junction / Mount Point
|
CVE-2026-41116
|
2026-06-10 03:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4070
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: …
|
CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
|
CVE-2026-11645
|
2026-06-10 03:16 |
2026-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
