|
3701
|
7.5 |
HIGH
Network
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the ip parameter of the fromNetToolGet function. This vulnerability allows att…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-36784
|
2026-06-11 04:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3702
|
7.5 |
HIGH
Network
|
-
|
-
|
Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and…
|
CWE-121
Stack-based Buffer Overflow
|
CVE-2026-36779
|
2026-06-11 04:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3703
|
9.1 |
CRITICAL
Network
|
-
|
-
|
An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
|
CWE-287
Improper Authentication
|
CVE-2026-36727
|
2026-06-11 04:16 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3704
|
5.4 |
MEDIUM
Network
|
google
|
chrome
|
Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low)
|
CWE-451
User Interface (UI) Misrepresentation of Critical Information
|
CVE-2026-11232
|
2026-06-11 04:11 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3705
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)
|
CWE-416
Use After Free
|
CVE-2026-11230
|
2026-06-11 04:09 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3706
|
6.1 |
MEDIUM
Physics
|
google
|
chrome
|
Inappropriate implementation in Enterprise in Google Chrome prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via physical access to the device. (Chromium security sever…
|
CWE-269
Improper Privilege Management
|
CVE-2026-11229
|
2026-06-11 04:09 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3707
|
4.3 |
MEDIUM
Network
|
-
|
-
|
In Splunk SOAR (Security Orchestration, Automation, and Response) versions below 8.5.0, an unauthenticated attacker could inject American National Standards Institute (ANSI) escape codes into SOAR ap…
|
CWE-117
Improper Output Neutralization for Logs
|
CVE-2026-20260
|
2026-06-11 03:36 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3708
|
10.0 |
CRITICAL
Network
|
-
|
-
|
Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in privilege escalation. Exploitation of this i…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-47938
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3709
|
7.3 |
HIGH
Local
|
-
|
-
|
OS command injection in the NodejsFunction local bundling pipeline in aws-cdk-lib before 2.245.0 (2.246.0 on Windows) might allow an actor who controls the value of one or more bundling properties (e…
|
CWE-78
OS Command
|
CVE-2026-11417
|
2026-06-11 03:35 |
2026-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3710
|
6.4 |
MEDIUM
Network
|
-
|
-
|
The Animation Addons for Elementor – GSAP Powered Elementor Addons & Website Templates plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the multiple parameters in all v…
|
CWE-79
Cross-site Scripting
|
CVE-2025-8444
|
2026-06-11 03:35 |
2026-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
