Chromium: CVE-2026-5892 Insufficient policy enforcement in PWAs

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVE-2026-5892

An insufficient policy enforcement flaw was found in the PWAs component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=487568011...

EUVD-2026-20711

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-5892

Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. Chromium security severity: Medium...

CVE-2024-32986

PWAsForFirefox is a tool to install, manage and use Progressive Web Apps PWAs in Mozilla Firefox. Due to improper sanitization of web app properties such as name, description, shortcuts, web apps were able to inject additional lines into XDG Desktop Entries on Linux and AppInfo.ini on...

CVE-2023-48277

Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps super-progressive-web-apps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Progressive Web Apps: from n/a through = 2.2.21...

CVE-2023-48277 WordPress Super Progressive Web Apps plugin <= 2.2.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps super-progressive-web-apps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Progressive Web Apps: from n/a through = 2.2.21...

CVE-2023-48277 WordPress Super Progressive Web Apps plugin <= 2.2.21 - Broken Access Control vulnerability

Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps super-progressive-web-apps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Progressive Web Apps: from n/a through = 2.2.21...

WordPress plugin Super Progressive Web Apps 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

New Phishing Attacks Target Eastern European Bank Users on iOS and Android

Cybercriminals exploit Progressive Web Apps PWAs in the latest phishing scam, targeting mobile users in Czechia, Hungary, and…...

Super Progressive Web Apps < 2.2.22 - Missing Authorization

Description The Super Progressive Web Apps plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the superpwanewslettersubmit function hooked via a nopriv AJAX action in versions up to, and including, 2.2.21. This makes it possible for...

CVE-2023-37391

Cross-Site Request Forgery CSRF vulnerability in WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin = 3.4.1 versions...

CVE-2023-37391

CVE-2023-37391 is a Cross-Site Request Forgery (CSRF) vulnerability in the WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps, affecting versions

Super Progressive Web Apps < 2.1.13 - Authenticated (High Privileged) Arbitrary File Upload to RCE

When the Apple Touch Icons & Splash Screen add-on is active, its superpwasplashscreenuploader AJAX action, did not properly check for authorisation and the content of the uploaded archive file. This allows high privilege users admin+ to upload an archive with a PHP file, leading to RCE. v2.1.12...

Super Progressive Web Apps < 2.1.13 - Authenticated (High Privileged) Arbitrary File Upload to RCE

When the Apple Touch Icons & Splash Screen add-on is active, its superpwasplashscreenuploader AJAX action, did not properly check for authorisation and the content of the uploaded archive file. This allows high privilege users admin+ to upload an archive with a PHP file, leading to RCE. v2.1.12...

WordPress Super Progressive Web Apps plugin <= 2.1.12 - Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution (RCE)

Authenticated Arbitrary File Upload vulnerability leading to Remote Code Execution RCE discovered by WPScan Team in WordPress Super Progressive Web Apps plugin versions = 2.1.12. Solution Update the WordPress Super Progressive Web Apps plugin to the latest available version at least 2.1.13...

chromium-browser: Incorrect security UI in PWAs

Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 allowed a remote attacker who had persuaded the user to install a PWA to spoof the contents of the Omnibox URL bar via a crafted PWA...