6355 matches found
CVE-2026-15124
Affected product: Google Chrome. Vulnerability: Insufficient policy enforcement in Password handling leads to bypass of the same-origin policy via a crafted HTML page. Impact: remote attacker could bypass SOP within Chrome prior to version 150.0.7871.115 (Chromium base). Root cause: unclear beyon...
CVE-2026-3144
CVE-2026-3144 affects IBM API Connect 12.1.0.0 through 12.1.0.3. The root cause is the use of default credentials, which could enable an attacker to gain unauthorized access to the application before credentials are updated. The available documents confirm the affected product and the credential-...
GO-2026-5926 Coder's sub-agent app registration bypasses template port-sharing policy enforcement in github.com/coder/coder
Coder's sub-agent app registration bypasses template port-sharing policy enforcement in github.com/coder/coder...
CVE-2026-28699
Gitea versions up to and including 1.26.1 allow OAuth2 access token scope enforcement to be bypassed through HTTP Basic authentication...
GHSA-3WQP-PRF6-2M72 OpenClaw: Feishu dynamic-agent bindings could miss configWrites enforcement
Summary Feishu dynamic-agent bindings could miss configWrites enforcement. In affected versions, a Feishu sender using dynamic-agent binding behavior could create or update bindings without honoring the configured config-write control. This advisory is scoped to the named feature and configuratio...
CVE-2026-53492
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI implementation, which allows Kubernetes to interact with container runtimes, improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during...
CVE-2026-14440 Cloudflare Universal SSL automatically managed CAA RRset supersedes customer-configured CAA records
Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...
CVE-2026-14440 Cloudflare Universal SSL automatically managed CAA RRset supersedes customer-configured CAA records
Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...
CVE-2026-14440
Description: To issue and renew TLS certificates on behalf of customers, Cloudflare's Universal SSL feature automatically manages the CAA RRset for the customer's zone. This auto-managed RRset is permissive by design e.g. 'issue "letsencrypt.org"' without parameters. On Universal SSL zones,...
CVE-2026-53492 containerd CRI checkpoint restore CDI annotation smuggling
containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...
CVE-2026-53492
containerd is an open-source container runtime. In Versions prior to 2.3.2, 2.2.5 and 2.1.9, the CRI implementation improperly trusts Container Device Interface CDI annotations found within untrusted checkpoint image metadata during container restoration. When restoring a container from a...
EUVD-2026-40931
DVP80ES3 with Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability...
CVE-2026-14101
An insufficient policy enforcement flaw was found in the Sandbox component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513454805...
EUVD-2026-40443
n8n before 2.8.0 contains an authentication bypass vulnerability allowing authenticated SSO users to disable SSO enforcement through the API. Attackers can create local password credentials to authenticate directly, bypassing organizational SSO policies and identity-provider-enforced multi-factor...
EUVD-2026-40842
Insufficient policy enforcement in StorageAccessAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40788
Insufficient policy enforcement in Sandbox in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40792
Insufficient policy enforcement in Speech in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40766
Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40773
Insufficient policy enforcement in HID in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40782
Insufficient policy enforcement in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...