VYPR

CVEs

82,359 total · page 28 of 1,648

  • CVE-2026-21030HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions.

  • CVE-2026-21029HigJun 5, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations.

  • CVE-2026-11347HigJun 5, 2026
    risk 0.55cvss epss 0.00

    The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with…

  • CVE-2026-11332HigJun 5, 2026
    risk 0.44cvss 7.8epss 0.00

    A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency specifications from a role's meta/requirements.yml file. Due to improper neutralization of argument delimiters, a malicious role author can inject arbitrary git configuration flags…

  • CVE-2026-21837HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.01

    HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API.  An attacker may execute arbitrary operating system commands, typically inheriting the privileges of the vulnerable application, which could possibly lead to a…

  • CVE-2026-50593HigJun 5, 2026
    risk 0.40cvss 7.3epss 0.00

    Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.

  • CVE-2026-41567HigJun 5, 2026
    risk 0.47cvss 7.2epss 0.00

    Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries…

  • CVE-2026-11307HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2026-11306HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2026-11305HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2026-11304HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2026-11303HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2026-11301HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network traffic. (Chromium security severity: Low)

  • CVE-2026-11297HigJun 5, 2026
    risk 0.50cvss 7.7epss 0.00

    Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to bypass navigation restrictions via a malicious file. (Chromium security severity: Low)

  • CVE-2026-11296HigJun 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11295HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11279HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11272HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11269HigJun 5, 2026
    risk 0.46cvss 7.1epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Low)

  • CVE-2026-11265HigJun 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11262HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11256HigJun 5, 2026
    risk 0.54cvss 8.3epss 0.00

    Integer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11255HigJun 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11248HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11242HigJun 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Insufficient validation of untrusted input in Plugins in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11241HigJun 5, 2026
    risk 0.52cvss 8.0epss 0.00

    Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11239HigJun 5, 2026
    risk 0.49cvss 7.5epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-10877HigJun 5, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php of the component Admin Login. Such manipulation of the argument Username leads to sql injection. The attack…

  • CVE-2026-10586HigJun 5, 2026
    risk 0.47cvss 7.2epss 0.00

    The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 6.1.3 via the `save_ai_generated_image()` function. This makes it possible for authenticated…

  • CVE-2026-45497HigJun 4, 2026
    risk 0.50cvss 7.7epss 0.00

    Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.

  • CVE-2026-20245HigKEVJun 4, 2026
    risk 0.63cvss 7.8epss 0.25

    A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands…

  • CVE-2026-11237HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11236HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11235HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11231HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a malicious file. (Chromium security severity: Low)

  • CVE-2026-11230HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-11224HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Use after free in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Low)

  • CVE-2026-11211HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11202HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11201HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2026-11191HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11188HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in USB in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11185HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)

  • CVE-2026-11179HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in ORB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11177HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11175HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11173HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds write in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11172HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11171HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Integer overflow in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-11170HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Inappropriate implementation in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. (Chromium security severity: Medium)