63 matches found
CVE-2026-11058
An integer overflow flaw was found in the CredentialProvider component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498986406...
Chromium: CVE-2026-11058 Integer overflow in CredentialProvider
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-11058
Integer overflow in CredentialProvider in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform OS-level privilege escalation via a crafted HTML page. Chromium security severity: Medium...
DEBIAN-CVE-2026-11058
Integer overflow in CredentialProvider in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform OS-level privilege escalation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11058
Integer overflow in CredentialProvider in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform OS-level privilege escalation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11058
Integer overflow in CredentialProvider in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform OS-level privilege escalation via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11058
Technical details for CVE-2026-11058 are not publicly available in the provided documents; monitor for updates.
CVE-2026-11058
Integer overflow in CredentialProvider in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform OS-level privilege escalation via a crafted HTML page. Chromium security severity: Medium...
PT-2026-46586
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An integer overflow exists in the CredentialProvider component on Windows. This allows a remote attacker who has already compromised the renderer process to achieve OS-level privilege...
CVE-2026-34361
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith...
CVE-2026-34361
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith...
CVE-2026-34361 HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith...
CVE-2026-34361 HAPI FHIR: Unauthenticated SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, the FHIR Validator HTTP service exposes an unauthenticated "/loadIG" endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith...
FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft
The FHIR Validator HTTP service exposes an unauthenticated /loadIG endpoint that makes outbound HTTP requests to attacker-controlled URLs. Combined with a startsWith URL prefix matching flaw in the credential provider ManagedWebAccessUtils.getServer, an attacker can steal authentication tokens...
CVE-2026-22694
AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...
CVE-2026-22694
AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...
CVE-2026-22694 AliasVault is Missing Origin Validation in Android Passkey Credential Provider
AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...
CVE-2026-22694
Summary (CVE-2026-22694) : AliasVault for Android (versions 0.24.0–0.25.2) contained an incomplete validation flaw in the Android credential provider for passkey requests. Under certain local conditions, a malicious app could obtain a passkey response for a site it was not authorized to access be...
CVE-2026-22694 AliasVault is Missing Origin Validation in Android Passkey Credential Provider
AliasVault is a privacy-first password manager with built-in email aliasing. AliasVault Android versions 0.24.0 through 0.25.2 contained an issue in how passkey requests from Android apps were validated. Under certain local conditions, a malicious app could attempt to obtain a passkey response fo...
AliasVault 访问控制错误漏洞
AliasVault is an open source password manager from AliasVault. An Access Control Error vulnerability exists in AliasVault 0.25.2 and earlier versions, which stems from incomplete authentication of the calling app's identity, origin, and RP ID in the Android Credential Provider, and could lead to ...