|
1721
|
- |
|
-
|
-
|
Gogs is an open source self-hosted Git service. Prior to 0.14.3, when ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, Gogs accepts the configured authentication header (default: X-WEBAUTH-USER) direc…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2026-25119
|
2026-06-26 03:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1722
|
7.5 |
HIGH
Network
|
-
|
-
|
An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
|
CWE-89
SQL Injection
|
CVE-2025-61027
|
2026-06-26 03:16 |
2026-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1723
|
7.5 |
HIGH
Network
|
google
|
chrome
|
Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a cr…
|
CWE-416
Use After Free
|
CVE-2026-13029
|
2026-06-26 03:12 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1724
|
5.3 |
MEDIUM
Network
|
google
|
chrome
|
Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromi…
|
CWE-457
Use of Uninitialized Variable
|
CVE-2026-13030
|
2026-06-26 03:12 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1725
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
|
CWE-416
Use After Free
|
CVE-2026-13031
|
2026-06-26 03:12 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1726
|
9.6 |
CRITICAL
Network
|
google
|
chrome
|
Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Cri…
|
CWE-416
Use After Free
|
CVE-2026-13032
|
2026-06-26 03:12 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1727
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Out of bounds read and write in Blink>InterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity:…
|
CWE-125 CWE-787
Out-of-bounds Read Out-of-bounds Write
|
CVE-2026-13033
|
2026-06-26 03:11 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1728
|
5.4 |
MEDIUM
Network
|
-
|
-
|
Gogs is an open source self-hosted Git service. Prior to 0.14.3, an open redirect vulnerability exists in Gogs where attacker-controlled redirect_to parameters can bypass validation, allowing redirec…
|
CWE-601
Open Redirect
|
CVE-2026-52802
|
2026-06-26 02:16 |
2026-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1729
|
7.5 |
HIGH
Network
|
messagepack
|
messagepack
|
MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisall…
|
CWE-470 CWE-502
Unsafe Reflection Deserialization of Untrusted Data
|
CVE-2026-48517
|
2026-06-26 02:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1730
|
7.5 |
HIGH
Network
|
messagepack
|
messagepack
|
MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter<TKey,TElement> constructs an internal Dictionary<TKey, IGrouping<TKey,TElement>> with the d…
|
CWE-407
Inefficient Algorithmic Complexity
|
CVE-2026-48516
|
2026-06-26 02:16 |
2026-06-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|