33 matches found
CVE-2026-10939
A use-after-free flaw was found in the WebRTC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503502607...
Chromium: CVE-2026-10939 Use after free in WebRTC
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-10939
creationtimestamp | type | source
---|---|---
2026-06-05 13:23:35+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/116697713800926918
2026-06-07 18:00:00+00:00 | seen | https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260608
2026-06-07 18:00:00+00:00 | seen | ...
Linux Distros Unpatched Vulnerability : CVE-2026-10939
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
CVE-2026-10939
Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
CVE-2020-10939
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation...
CVE-2025-10939 vulnerabilities
Vulnerabilities for packages: keycloak...
Keycloak Admin Path Traversal Vulnerability (CVE-2025-10939)
The version of Keycloak installed on the remote host is affected by a path traversal vulnerability. A flaw was found in Keycloak where the /admin path can be accessed using relative/non-normalized paths e.g., /realms/../admin/, bypassing proxy restrictions recommended in the Keycloak guides. This...
CVE-2025-10939
creationtimestamp | type | source
---|---|---
2025-10-28 06:51:29+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3m4adt2ksa62u...
de.arbeitsagentur.opdt:keycloak-cassandra-model-tests (>=4.1.0-26.0 <=5.4.3-26.2), net.optionfactory.keycloak:optionfactory-keycloak-providers (>=8.1 <=8.9) +21 more potentially affected by CVE-2025-10939 via org.keycloak:keycloak-quarkus-server (>=26.0.0 <=26.3.5)
org.keycloak:keycloak-quarkus-server MAVEN version =26.0.0, =4.1.0-26.0, =8.1, =26.3.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.2.0, =26.2.0, =26.1.0, =26.1.0, =26.1.0, =26...
CVE-2025-10939
Keycloak is affected by a path traversal vulnerability (CVE-2025-10939) that can expose the admin console path via relative or non-normalized URLs (e.g., /realms/../admin/), potentially bypassing proxy restrictions intended to block /admin. Multiple sources (including GHSA entry and Nessus plugin...
CVE-2025-10939 Org.keycloak/keycloak-quarkus-server: unable to restrict access to the admin console
A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to...
CVE-2025-10939
A flaw was found in Keycloak. The Keycloak guides recommend to not expose /admin path to the outside in case the installation is using a proxy. The issue occurs at least via ha-proxy, as it can be tricked to using relative/non-normalized paths to access the /admin application path relative to...
CVE-2019-10939
A vulnerability has been identified in TIM 3V-IE incl. SIPLUS NET variants All versions V2.8, TIM 3V-IE Advanced incl. SIPLUS NET variants All versions V2.8, TIM 3V-IE DNP3 incl. SIPLUS NET variants All versions V3.3, TIM 4R-IE incl. SIPLUS NET variants All versions V2.8, TIM 4R-IE DNP3 incl...
CVE-2024-10939
The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...
CVE-2024-10939
creationtimestamp | type | source
---|---|---
2024-12-13 06:10:00+00:00 | seen | https://infosec.exchange/users/cve/statuses/113644024668514441
2024-12-13 08:14:26+00:00 | seen | https://t.me/cvedetector/12831...
CVE-2024-10939
CVE-2024-10939 affects the Image Widget WordPress plugin prior to 4.4.11. The flaw is improper sanitization/escaping of certain Image Widget settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). Red Hat, NVD/NIS...
CVE-2024-10939 Image Widget < 4.4.11 - Admin+ Stored XSS
The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...