Lucene search
K

201 matches found

CVE
CVE
added 3 hours ago3 views

CVE-2026-56359

n8n prior to 2.8.0 contains a cross-site scripting vulnerability in the credential management flow. Authenticated users can inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields, enabling crafted credentials to cause the victim, who clicks the OAuth authorization button...

5.4CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.5 views

EUVD-2026-40744

Inappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40682

Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.0019EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-14057

Inappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-14057

Inappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00181EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-13994

Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-13994

Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS0.0019EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:39 p.m.103 views

CVE-2026-14057

CVE-2026-14057 affects Google Chrome where an inappropriate FedCM implementation allows a remote attacker to bypass the same-origin policy via a crafted HTML page. Affected versions are Chrome before 150.0.7871.47; the vulnerability stems from the FedCM component’s incorrect handling, enabling cr...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.20 views

CVE-2026-14057

Inappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

0.00181EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.4 views

CVE-2026-14057

Inappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00181EPSS
Exploits0
CVE
CVE
added 2026/06/30 10:38 p.m.14 views

CVE-2026-13994

CVE-2026-13994 describes an issue in Google Chrome on Android related to Credential Management: an inappropriate implementation allows a remote attacker to perform UI spoofing via a crafted HTML page. The vulnerability affects Chrome versions prior to 150.0.7871.47 (Chromium security severity: Me...

4.3CVSS5.8AI score0.0019EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.22 views

CVE-2026-13994

Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

0.0019EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.4 views

CVE-2026-13994

Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.0019EPSS
Exploits0
NVD
NVD
added 2026/06/30 5:16 p.m.8 views

CVE-2026-58377

JeecgBoot through 3.9.2 contains a broken access control vulnerability that allows authenticated low-privilege users to perform full create, read, update, and delete operations on OpenAPI credentials by accessing the OpenApiAuthController and OpenApiPermissionController endpoints which lack Shiro...

8.6CVSS0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 3:59 p.m.34 views

CVE-2026-58377 JeecgBoot 3.9.2 - Missing Authorization on OpenAPI Credential Management Endpoints Exposes Access/Secret Keys

JeecgBoot through 3.9.2 contains a broken access control vulnerability that allows authenticated low-privilege users to perform full create, read, update, and delete operations on OpenAPI credentials by accessing the OpenApiAuthController and OpenApiPermissionController endpoints which lack Shiro...

8.6CVSS0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.4 views

PT-2026-54332

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Federated Credential Management FedCM API allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.4 views

PT-2026-54270

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An inappropriate implementation in Credential Management allows a remote attacker to perform UI spoofing via a crafted HTML page. UI spoofing is a technique where an attacker...

9.6CVSS6AI score0.00413EPSS
Exploits0References437
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Chromium

Using “after free” in FedCM in Google Chrome before version 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.00639EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Chromium

Before version 104.0.5112.101, using “after free” in FedCM via Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...

8.8CVSS7.3AI score0.02465EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Chromium

The use of “after free” in FedCM within Google Chrome before version 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.01251EPSS
Exploits1References2
Rows per page
Query Builder