Lucene search
K

6355 matches found

CVE
CVE
added yesterday5 views

CVE-2026-15124

Affected product: Google Chrome. Vulnerability: Insufficient policy enforcement in Password handling leads to bypass of the same-origin policy via a crafted HTML page. Impact: remote attacker could bypass SOP within Chrome prior to version 150.0.7871.115 (Chromium base). Root cause: unclear beyon...

6AI score
Exploits0References2
CVE
CVE
added yesterday7 views

CVE-2026-3144

CVE-2026-3144 affects IBM API Connect 12.1.0.0 through 12.1.0.3. The root cause is the use of default credentials, which could enable an attacker to gain unauthorized access to the application before credentials are updated. The available documents confirm the affected product and the credential-...

8.1CVSS5.9AI score
Exploits0References1
OSV
OSV
added 2 days ago6 views

GO-2026-5926 Coder's sub-agent app registration bypasses template port-sharing policy enforcement in github.com/coder/coder

Coder's sub-agent app registration bypasses template port-sharing policy enforcement in github.com/coder/coder...

5.4CVSS5.9AI score0.0032EPSS
Exploits0References2
NVD
NVD
added 6 days ago5 views

CVE-2026-28699

Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication...

8.1CVSS0.00566EPSS
Exploits1References4
OSV
OSV
added last week4 views

GHSA-3WQP-PRF6-2M72 OpenClaw: Feishu dynamic-agent bindings could miss configWrites enforcement

Summary Feishu dynamic-agent bindings could miss configWrites enforcement. In affected versions, a Feishu sender using dynamic-agent binding behavior could create or update bindings without honoring the configured config-write control. This advisory is scoped to the named feature and configuratio...

3.1CVSS6AI score0.00166EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added last week10 views

CVE-2026-53492

A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during...

9.6CVSS5.9AI score0.00412EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/01 10:35 p.m.27 views

CVE-2026-14440 Cloudflare Universal SSL automatically managed CAA RRset supersedes customer-configured CAA records

Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...

7.6CVSS0.00135EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/07/01 10:35 p.m.9 views

CVE-2026-14440 Cloudflare Universal SSL automatically managed CAA RRset supersedes customer-configured CAA records

Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...

7.6CVSS5.7AI score0.00135EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/01 10:35 p.m.8 views

CVE-2026-14440

Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...

7.6CVSS5.7AI score0.00135EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/01 5:59 p.m.36 views

CVE-2026-53492 containerd CRI checkpoint restore CDI annotation smuggling

containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...

8.4CVSS0.00412EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/07/01 5:59 p.m.8 views

CVE-2026-53492

containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...

9.6CVSS5.9AI score0.00412EPSS
Exploits0
EUVD
EUVD
added 2026/07/01 7:1 a.m.7 views

EUVD-2026-40931

DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/07/01 6:10 a.m.8 views

CVE-2026-14101

An insufficient policy enforcement flaw was found in the Sandbox component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513454805...

9.6CVSS5.7AI score0.00243EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40443

n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...

6.3CVSS5.8AI score0.00258EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40842

Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.0021EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.5 views

EUVD-2026-40788

Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00243EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.9 views

EUVD-2026-40792

Insufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00167EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40766

Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40773

Insufficient policy enforcement in HID in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...

6.2AI score0.00303EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40782

Insufficient policy enforcement in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00234EPSS
Exploits0References3
Rows per page
Query Builder