๐จ CVE-2026-11682
Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 149.0.7827.102/.103 for Windows and Mac and 149.0.7827.102 for Linux, which will roll out over the ...
๐จ CVE-2026-24064
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLD_INSERT_LIBRARIES environment variable to inject an attacker-controlled dynamic library into the trusted client process at launch. The injected code runs within the signed process and can connect to the product's privileged helper service to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2.
๐@cveNotify
Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLD_INSERT_LIBRARIES environment variable to inject an attacker-controlled dynamic library into the trusted client process at launch. The injected code runs within the signed process and can connect to the product's privileged helper service to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2.
๐@cveNotify
๐จ CVE-2026-38615
DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.
๐@cveNotify
DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php.
๐@cveNotify
GitHub
CMS/1.docx at main ยท Bul11et/CMS
Contribute to Bul11et/CMS development by creating an account on GitHub.
๐จ CVE-2026-45447
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could
trigger a use-after-free during PKCS#7 signature verification.
Impact summary: A use-after-free may result in process crashes, heap
corruption, or potentially remote code execution.
When processing a PKCS#7 or S/MIME signed message, if the SignedData
digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may
incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent
use of the BIO by the calling application results in a use-after-free
condition.
In the common case this occurs when the application later calls
BIO_free() on the BIO originally passed to PKCS7_verify(). Depending
on allocator behavior and application-specific BIO usage patterns, this
may result in a crash or other memory corruption. In some application
contexts this may potentially be exploitable for remote code execution.
Applications that process PKCS#7 or S/MIME signed messages using OpenSSL
PKCS#7 APIs may be affected. Applications using the CMS APIs for this
processing are not affected.
The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this
issue, as the affected code is outside the OpenSSL FIPS module boundary.
๐@cveNotify
Issue summary: A specially crafted PKCS#7 or S/MIME signed message could
trigger a use-after-free during PKCS#7 signature verification.
Impact summary: A use-after-free may result in process crashes, heap
corruption, or potentially remote code execution.
When processing a PKCS#7 or S/MIME signed message, if the SignedData
digestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may
incorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent
use of the BIO by the calling application results in a use-after-free
condition.
In the common case this occurs when the application later calls
BIO_free() on the BIO originally passed to PKCS7_verify(). Depending
on allocator behavior and application-specific BIO usage patterns, this
may result in a crash or other memory corruption. In some application
contexts this may potentially be exploitable for remote code execution.
Applications that process PKCS#7 or S/MIME signed messages using OpenSSL
PKCS#7 APIs may be affected. Applications using the CMS APIs for this
processing are not affected.
The FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this
issue, as the affected code is outside the OpenSSL FIPS module boundary.
๐@cveNotify
GitHub
Fix possible use-after-free in OpenSSL PKCS7_verify() ยท openssl/openssl@3aad5eb
Fixes CVE-2026-45447
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon Jun 8 20:22:50 2026
(cherry...
Reviewed-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.foundation>
MergeDate: Mon Jun 8 20:22:50 2026
(cherry...
๐จ CVE-2026-47641
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
๐@cveNotify
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
๐@cveNotify
๐จ CVE-2026-47935
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.
๐@cveNotify
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. Scope is changed.
๐@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Experience Manager | APSB26-24
๐จ CVE-2026-47936
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.
๐@cveNotify
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed.
๐@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Experience Manager | APSB26-24
๐จ CVE-2026-48574
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
๐@cveNotify
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
๐@cveNotify
๐จ CVE-2026-48575
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
๐@cveNotify
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
๐@cveNotify
๐จ CVE-2026-48576
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
๐@cveNotify
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
๐@cveNotify
๐จ CVE-2026-48578
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
๐@cveNotify
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
๐@cveNotify
๐จ CVE-2026-48583
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
๐@cveNotify
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
๐@cveNotify
๐จ CVE-2026-49841
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts Content-Length up to just under 10 MiB. The body-read loop is bounded by Content-Length rather than the buffer size, producing an attacker-controlled heap overflow of up to ~8 MiB -- before the HTTP basic-auth check runs. This issue has been patched in version 1.11.1.
๐@cveNotify
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts Content-Length up to just under 10 MiB. The body-read loop is bounded by Content-Length rather than the buffer size, producing an attacker-controlled heap overflow of up to ~8 MiB -- before the HTTP basic-auth check runs. This issue has been patched in version 1.11.1.
๐@cveNotify
GitHub
Release FreeSWITCH v1.11.1 Release ยท signalwire/freeswitch
This is an important release containing critical security fixes and stability improvements, alongside the new reloadcert API for hot TLS certificate reloads without disconnects across mod_sofia and...
๐จ CVE-2025-55651
A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
๐@cveNotify
A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.
๐@cveNotify
Infosec Exchange
sigdevel (@sigdevel@infosec.exchange)
Attached: 1 image
Security Advisory: CVE-2025-55651 - NULL Pointer Dereference in GPAC MP4Box
Processing a crafted or truncated MP4 file with `MP4Box` can trigger a NULL pointer dereference in `gf_isom_get_user_data_count()`, causing a Denial of Service.โฆ
Security Advisory: CVE-2025-55651 - NULL Pointer Dereference in GPAC MP4Box
Processing a crafted or truncated MP4 file with `MP4Box` can trigger a NULL pointer dereference in `gf_isom_get_user_data_count()`, causing a Denial of Service.โฆ
๐จ CVE-2026-36719
An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs.
๐@cveNotify
An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs.
๐@cveNotify
GitHub
Vulnerabilities/agent-chat/vulnerability-3 at master ยท CC-T-454455/Vulnerabilities
Or2 | Or2 | Or2. Contribute to CC-T-454455/Vulnerabilities development by creating an account on GitHub.
๐จ CVE-2026-36721
A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
๐@cveNotify
A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
๐@cveNotify
GitHub
Vulnerabilities/bookcars/vulnerability-2 at master ยท CC-T-454455/Vulnerabilities
Or2 | Or2 | Or2. Contribute to CC-T-454455/Vulnerabilities development by creating an account on GitHub.
๐จ CVE-2026-47639
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
๐@cveNotify
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
๐@cveNotify
๐จ CVE-2026-47640
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
๐@cveNotify
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
๐@cveNotify
๐จ CVE-2026-47641
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
๐@cveNotify
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
๐@cveNotify
๐จ CVE-2020-18169
A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details.
๐@cveNotify
A vulnerability in the Windows installer XML (WiX) toolset of TechSmith Snagit 19.1.1.2860 allows attackers to escalate privileges. NOTE: Exploit of the Snagit installer would require the end user to ignore other safety mechanisms provided by the Host OS. See reference document for more details.
๐@cveNotify
Google Docs
Disputed CVEs
Note: 9 June 2026 TechSmith is in the process of shutting down its Google Workspace. Our dispute documentation for CVEs 2020-18169 and 2020-18171 has been migrated to: https://github.com/TechSmith/TSC-Security-Public/blob/main/advisories/2020/CVE-2020-18169โฆ
๐จ CVE-2020-18171
TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details.
๐@cveNotify
TechSmith Snagit 19.1.0.2653 uses Object Linking and Embedding (OLE) which can allow attackers to obfuscate and embed crafted files used to escalate privileges. NOTE: This implies that Snagit's use of OLE is a security vulnerability unto itself and it is not. See reference document for more details.
๐@cveNotify
Google Docs
Disputed CVEs
Note: 9 June 2026 TechSmith is in the process of shutting down its Google Workspace. Our dispute documentation for CVEs 2020-18169 and 2020-18171 has been migrated to: https://github.com/TechSmith/TSC-Security-Public/blob/main/advisories/2020/CVE-2020-18169โฆ