Lucene search
+L

32 matches found

debiancve
debiancve
added 2026/06/30 10:38 p.m.5 views

CVE-2026-13921

Insufficient validation of untrusted input in DeviceBoundSessionCredentials in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00319EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/06/30 12:0 a.m.11 views

PT-2026-54198

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input in DeviceBoundSessionCredentials allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a...

9.6CVSS6AI score0.00413EPSS
Exploits0References448
mscve
mscve
added 2026/06/27 12:46 a.m.44 views

Chromium: CVE-2026-13021 Inappropriate implementation in DeviceBoundSessionCredentials

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3CVSS5.8AI score0.00143EPSS
Exploits0
nvd
nvd
added 2026/06/24 7:17 p.m.9 views

CVE-2026-13021

Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

4.3CVSS0.00143EPSS
Exploits0References2
debiancve
debiancve
added 2026/06/24 6:43 p.m.5 views

CVE-2026-13021

Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.9AI score0.00143EPSS
Exploits0
cve
cve
added 2026/06/24 4:30 p.m.10 views

CVE-2026-53094

The CVE affects the Linux kernel BPF/JIT path for dev-bound-only XDP programs. When constant blinding is enabled (bpf_jit_harden >= 2), bpf_jit_blind_constants() clones the program and bpf_jit_prog_release_other() frees the original, but offload->prog isn’t updated, leaving a stale pointer....

7.8CVSS5.8AI score0.00128EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.17 views

PT-2026-52039

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description An inappropriate implementation in DeviceBoundSessionCredentials allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document ...

4.3CVSS5.8AI score0.00143EPSS
Exploits0References6
nessus
nessus
added 2026/06/24 12:0 a.m.22 views

Google Chrome < 149.0.7827.196 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 149.0.7827.196. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop0482630350 advisory. - Use after free in Autofill. CVE-2026-13038 - Use after free in WebG...

9.6CVSS5.8AI score0.0026EPSS
Exploits1References37
nessus
nessus
added 2026/06/24 12:0 a.m.75 views

Google Chrome < 149.0.7827.196 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 149.0.7827.196. It is, therefore, affected by multiple vulnerabilities as referenced in the 202606stable-channel-update-for-desktop0482630350 advisory. - Use after free in Autofill. CVE-2026-13038 - Use after free in...

9.6CVSS5.8AI score0.0026EPSS
Exploits1References37
redhatcve
redhatcve
added 2026/05/01 4:9 p.m.7 views

CVE-2026-43007

A flaw was found in the accel/qaic component of the Linux kernel. When a user process terminates before the device's deactivation transaction for a Device-Bound Context DBC is fully processed, the host system can become out of sync with available DBCs. This can lead to a denial of service, where ...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References4
hackread
hackread
added 2026/04/11 12:11 p.m.8 views

Google Chrome Update Disrupts Infostealer Cookie Theft

Google adds Device Bound Session Credentials DBSC to Chrome 146, using hardware keys to block infostealer use of stolen session cookies on Windows...

5.8AI score
Exploits0
thn
thn
added 2026/04/10 7:58 a.m.9 views

Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows

Google has made Device Bound Session Credentials DBSC generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in a...

5.8AI score
Exploits0
nessus
nessus
added 2026/01/16 12:0 a.m.7 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004130)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004130 advisory. A flaw was found in the Linux kernel's vfio interface implementation that permits violation of the user's locked memory limit. If a device is bound to a vfio driver,...

5.5CVSS6.2AI score0.00538EPSS
Exploits0References24
packetstormnews
packetstormnews
added 2025/11/27 12:0 a.m.8 views

Abacre Restaurant Point of Sale Insecure Storage

All versions of Abacre Restaurant Point of Sale POS up to 15.0.0.1656 leave device-bound license keys in process memory insecurely...

6.9AI score0.00214EPSS
Exploits2
redhatcve
redhatcve
added 2025/10/28 12:27 a.m.22 views

CVE-2025-60791

Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory. The application leaves valid device-bound license keys in process memory after a failed activation attempt. The keys can be obtained by attaching a debugger or analyzing the process/memory dump an...

6.2CVSS6.8AI score0.00099EPSS
Exploits1References1
euvd
euvd
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-5977

Malicious code in bioql PyPI...

7.2AI score0.00181EPSS
Exploits0References5
thn
thn
added 2025/07/30 9:21 a.m.3 views

Google Launches DBSC Open Beta in Chrome and Enhances Patch Transparency via Project Zero

Google has announced that it's making a security feature called Device Bound Session Credentials DBSC in open beta to ensure that users are safeguarded against session cookie theft attacks. DBSC, first introduced as a prototype in April 2024, is designed to bind authentication sessions to a devic...

6.6AI score
Exploits0
astralinux
astralinux
added 2025/06/16 11:28 a.m.7 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: xdp: Devices-bound programs are not allowed to be attached in the generic mode. Device-bound programs are used to support RX metadata kfuncs. These kfuncs are specific to each driver and rely on the driver’s context to read...

5.5CVSS6.2AI score0.00181EPSS
Exploits0References3
mscve
mscve
added 2025/03/08 8:0 a.m.5 views

iommu/arm-smmu: Defer probe of clients after smmu device bound

...

4.7CVSS7.2AI score0.00159EPSS
Exploits0
susecve
susecve
added 2025/03/01 2:52 a.m.6 views

SUSE CVE-2025-21808

In the Linux kernel, the following vulnerability has been resolved: net: xdp: Disallow attaching device-bound programs in generic mode Device-bound programs are used to support RX metadata kfuncs. These kfuncs are driver-specific and rely on the driver context to read the metadata. This means the...

5.5CVSS7.5AI score0.00181EPSS
Exploits0References15
Rows per page
Query Builder