Common Vulnerabilities and Exposures (CVE)

CVE-2025-4285

Jun 5, 2026 17:29:06 UTC

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolantis Information Technologies Agentis allows SQL Injection. This issue affects Agentis: before 4.32.

CVE-2026-11162

Jun 5, 2026 17:29:04 UTC

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-11163

Jun 5, 2026 17:26:52 UTC

Use after free in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

CVE-2025-4294

Jun 5, 2026 17:26:49 UTC

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HotelRunner B2B allows Cross-Site Scripting (XSS). This issue affects B2B: before 04.06.2025.

CVE-2026-11165

Jun 5, 2026 17:25:38 UTC

Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-8714

Jun 5, 2026 17:25:13 UTC

A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input.  Crafted inputs can trigger a processing error, causing the RTSP service to enter non-r...

CVE-2025-4295

Jun 5, 2026 17:24:53 UTC

Improper Validation of Certificate with Host Mismatch vulnerability in HotelRunner B2B allows HTTP Response Splitting. This issue affects B2B: before 04.06.2025.

CVE-2026-11166

Jun 5, 2026 17:22:36 UTC

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Medium)

CVE-2026-11167

Jun 5, 2026 17:18:59 UTC

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium securit...

CVE-2019-7386

Jun 5, 2026 17:17:52 UTC

A Denial of Service issue has been discovered in the Gecko component of KaiOS 2.5 10.05 (platform 48.0.a2) on Nokia 8810 4G devices. When a crafted web page is visited with the internal browser, the Gecko process crashes with a segfault. Su...

CVE-2026-11168

Jun 5, 2026 17:16:40 UTC

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (...

CVE-2026-11344

Jun 5, 2026 17:15:10 UTC

A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form. Performing a manipulation of the argument photo results in u...

CVE-2026-11169

Jun 5, 2026 17:14:04 UTC

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted XML file. (Chromium security severity: Medium)

CVE-2026-11170

Jun 5, 2026 17:10:41 UTC

Inappropriate implementation in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. (Chromium security severity: Medium)

CVE-2026-11172

Jun 5, 2026 17:09:10 UTC

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)