CVE-2026-11092

An insufficient policy enforcement flaw was found in the DevTools component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=500170887...

CVE-2026-8568

An insufficient policy enforcement flaw was found in the AI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=488728570...

CVE-2026-5276

An insufficient policy enforcement flaw was found in the WebUSB component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=489711638...

CVE-2026-3928

An insufficient policy enforcement flaw was found in the Extensions component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=435980394...

EUVD-2018-17118

Malware in sbrugna...

EUVD-2020-27544

Malware in sbrugna...

CVE-2025-20264

Cisco ISE (Identity Services Engine) is affected by CVE-2025-20264, a vulnerability in the web-based management interface that allows an authenticated remote attacker to bypass authorization for specific administrative functions. The root cause is insufficient authorization enforcement for users ...

CVE-2025-6556

Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

Multifactor Authentication (MFA) Bypass

typo3/cms-backend is vulnerable to Multifactor Authentication MFA Bypass. The vulnerability is due to insufficient enforcement of access restrictions on backend routes, allowing MFA to be bypassed after successful authentication...

CVE-2025-22390

An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate...

CVE-2025-22390

Optimizely EPiServer.CMS.Core prior to 12.32.0 contains a password- policy weakness where passwords as short as 6 characters may be set due to insufficient complexity enforcement. This vulnerability could enable offline cracking or password spraying in theory, given weak password requirements. Af...

CVE-2021-37934

Due to insufficient server-side login-attempt limit enforcement, a vulnerability in /account/login in Huntflow Enterprise before 3.10.14 could allow an unauthenticated, remote user to perform multiple login attempts for brute-force password guessing...

Insufficient Policy Enforcement

chromium:edge has an insufficient policy enforcement in Content Security Policy...

Insufficient Policy Enforcement

chromium:edge has an insufficient policy enforcement in Content Security Policy...

OPENSUSE-SU-2020:2012-1 Security update for chromium

This update for chromium fixes the following issues: - Update to 87.0.4280.66 boo1178923 - Wayland support by default - CVE-2020-16018: Use after free in payments. - CVE-2020-16019: Inappropriate implementation in filesystem. - CVE-2020-16020: Inappropriate implementation in cryptohome. -...

Cisco Unified Contact Center Express Improper API Authorization Vulnerability

A vulnerability in the API subsystem of Cisco Unified Contact Center Express Unified CCX could allow an authenticated, remote attacker to change the availability state of any agent. The vulnerability is due to insufficient authorization enforcement on an affected system. An attacker could exploit...

OPENSUSE-SU-2020:0389-1 Security update for chromium

This update for chromium to version 80.0.3987.149 fixes the following issues: Chromium was update to 80.0.3987.149 bsc1167090: - CVE-2020-6422: Fixed a use after free in WebGL. - CVE-2020-6424: Fixed a use after free in media. - CVE-2020-6425: Fixed an insufficient policy enforcement in extension...

CVE-2019-7904

Insufficient enforcement of user access controls in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could enable a low-privileged user to make unauthorized environment configuration changes...

CVE-2019-5832

Insufficient policy enforcement in XMLHttpRequest in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

CVE-2018-16075

Insufficient file type enforcement in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to obtain local file data via a crafted HTML page...