Lucene search
K

5862 matches found

Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-54431 Improper Data Validation in liboauth2

In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...

5.1CVSS0.00128EPSS
Exploits0References3
CVE
CVE
added 4 days ago12 views

CVE-2026-54431

CVE-2026-54431 affects the liboauth2 DPoP verifier. The bug allows a DPoP proof whose JWK header embeds private key material to be accepted, violating RFC 9449 section 4.3 step 7, because the function oauth2_token_verify() returns success for a malformed DPoP proof that embeds the private EC key ...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-40650

Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00272EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-40494

Insufficient data validation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. Chromium security severity: High...

4.6CVSS5.8AI score0.00134EPSS
Exploits0References3
OSV
OSV
added 6 days ago2 views

DEBIAN-CVE-2026-14118

Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References1
NVD
NVD
added 6 days ago5 views

CVE-2026-14118

Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00251EPSS
Exploits0References2
NVD
NVD
added 6 days ago5 views

CVE-2026-13976

Insufficient data validation in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8CVSS0.0018EPSS
Exploits0References2
OSV
OSV
added 6 days ago2 views

DEBIAN-CVE-2026-13962

Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References1
OSV
OSV
added 6 days ago2 views

DEBIAN-CVE-2026-13808

Insufficient data validation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. Chromium security severity: High...

4.6CVSS5.8AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 6 days ago6 views

CVE-2026-13808

Insufficient data validation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. Chromium security severity: High...

4.6CVSS0.00134EPSS
Exploits0References2
Debian CVE
Debian CVE
added 6 days ago4 views

CVE-2026-14118

Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00251EPSS
Exploits0
CVE
CVE
added 6 days ago9 views

CVE-2026-14118

Chrome DevTools in Google Chrome suffers from insufficient data validation , allowing a remote attacker to leak cross-origin data if a user is coerced into specific UI gestures on a crafted HTML page. Affected versions are prior to 150.0.7871.47 . Mitigation: upgrade to 150.0.7871.47 or later. CV...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 6 days ago21 views

CVE-2026-14118

Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

0.00251EPSS
Exploits0References2
Debian CVE
Debian CVE
added 6 days ago5 views

CVE-2026-14100

Insufficient data validation in NetworkCache in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00229EPSS
Exploits0
Cvelist
Cvelist
added 6 days ago22 views

CVE-2026-14100

Insufficient data validation in NetworkCache in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

0.00229EPSS
Exploits0References2
Debian CVE
Debian CVE
added 6 days ago4 views

CVE-2026-13976

Insufficient data validation in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8CVSS5.8AI score0.0018EPSS
Exploits0
Debian CVE
Debian CVE
added 6 days ago3 views

CVE-2026-13962

Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00272EPSS
Exploits0
CVE
CVE
added 6 days ago12 views

CVE-2026-13962

CVE-2026-13962 affects Google Chrome (Chromium-based) prior to 150.0.7871.47. The issue is insufficient data validation in PDF handling within the renderer process, allowing a remote attacker who has already compromised the renderer to bypass navigation restrictions via a crafted HTML page. The o...

6.5CVSS5.8AI score0.00272EPSS
Exploits0References2Affected Software1
CVE
CVE
added 6 days ago13 views

CVE-2026-13808

Chrome for iOS (Google Chrome on iOS) prior to version 150.0.7871.47 is affected by insufficient data validation that could allow a local attacker to read potentially sensitive information from process memory with physical device access. The issue is addressed in the Chrome 150/151 stable updates...

4.6CVSS5.8AI score0.00134EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago4 views

PT-2026-54393

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient data validation in DevTools allows a remote attacker to leak cross-origin data through a crafted HTML page, provided the attacker can convince a user to perform specific UI...

6.5CVSS6AI score0.00251EPSS
Exploits0References5
Rows per page
Query Builder