|
41
|
4.3 |
MEDIUM
Network
|
-
|
-
|
The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user i…
New
|
CWE-862
Missing Authorization
|
CVE-2026-7624
|
2026-06-6 14:16 |
2026-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
42
|
6.1 |
MEDIUM
Network
|
-
|
-
|
Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: …
New
|
CWE-79
Cross-site Scripting
|
CVE-2026-11150
|
2026-06-6 14:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
43
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Me…
New
|
CWE-352
Origin Validation Error
|
CVE-2026-11148
|
2026-06-6 14:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
44
|
9.6 |
CRITICAL
Network
|
-
|
-
|
Insufficient validation of untrusted input in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox es…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-11146
|
2026-06-6 14:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
45
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Race in Geolocation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
New
|
CWE-362
Race Condition
|
CVE-2026-11145
|
2026-06-6 14:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
46
|
8.8 |
HIGH
Network
|
-
|
-
|
Use after free in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: Medium)
New
|
CWE-416
Use After Free
|
CVE-2026-11144
|
2026-06-6 14:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
47
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Out of bounds read in Extensions in Google Chrome on Linux prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information…
New
|
CWE-122
Heap-based Buffer Overflow
|
CVE-2026-11143
|
2026-06-6 14:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
48
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-11142
|
2026-06-6 14:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
49
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Uninitialized Use in Audio in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory v…
New
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-11141
|
2026-06-6 14:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
50
|
6.5 |
MEDIUM
Network
|
-
|
-
|
Out of bounds read in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process me…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-11140
|
2026-06-6 14:16 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
