|
1611
|
8.6 |
HIGH
Network
|
vertex-app
|
vertex
|
Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 are vulnerable to path traversal.…
|
CWE-22
Path Traversal
|
CVE-2024-40646
|
2026-06-8 22:59 |
2026-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1612
|
6.1 |
MEDIUM
Network
|
misp
|
misp
|
A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation …
|
CWE-601
Open Redirect
|
CVE-2026-10856
|
2026-06-8 22:59 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1613
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient policy enforcement in WebAuthentication in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data vi…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-11263
|
2026-06-8 22:58 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1614
|
7.5 |
HIGH
Network
|
microsoft
|
copilot_chat
|
Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a netw…
|
CWE-74
Injection
|
CVE-2026-47644
|
2026-06-8 22:57 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1615
|
6.1 |
MEDIUM
Network
|
misp
|
misp
|
An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination w…
|
CWE-601
Open Redirect
|
CVE-2026-10861
|
2026-06-8 22:56 |
2026-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1616
|
8.8 |
HIGH
Network
|
microsoft
|
copilot
|
Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.
|
CWE-77
Command Injection
|
CVE-2026-45497
|
2026-06-8 22:55 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1617
|
6.5 |
MEDIUM
Network
|
misp
|
misp
|
A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in the delete condition, the e…
|
CWE-863
Incorrect Authorization
|
CVE-2026-10860
|
2026-06-8 22:54 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1618
|
7.5 |
HIGH
Network
|
microsoft
|
copilot
|
Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.
|
CWE-77
Command Injection
|
CVE-2026-42824
|
2026-06-8 22:52 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1619
|
6.5 |
MEDIUM
Network
|
google
|
chrome
|
Insufficient validation of untrusted input in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted H…
|
CWE-20
NVD-CWE-noinfo
Improper Input Validation
|
CVE-2026-11027
|
2026-06-8 22:45 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1620
|
8.8 |
HIGH
Network
|
google
|
chrome
|
Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Medium)
|
CWE-416
Use After Free
|
CVE-2026-11030
|
2026-06-8 22:44 |
2026-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
