470 matches found

Cvelist
added 11 hours ago, 11 views

CVE-2026-11883 WebAuthn Provider for Two Factor < 2.5.6 - 2FA Bypass

The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request...

Exploits: 0, References: 1

Cvelist
added 13 hours ago, 5 views

CVE-2026-7839 UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin access

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpyssavedpassword, 64,...

CVSS 9.1
Exploits: 0, References: 2

EUVD
added 16 hours ago, 4 views

EUVD-2026-40575

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

AI score 5.8
Exploits: 0, References: 3

NVD
added yesterday, 4 views

CVE-2026-13862

Insufficient policy enforcement in Web Authentication Passkeys & Security Keys in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVSS 6.5
Exploits: 0, References: 2

Debian CVE
added yesterday, 3 views

CVE-2026-14074

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

AI score 5.8
Exploits: 0

Cvelist
added yesterday, 13 views

CVE-2026-14074

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

Exploits: 0, References: 2

CVE
added yesterday, 5 views

CVE-2026-14074

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 2

Cvelist
added yesterday, 14 views

CVE-2026-13889

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

Exploits: 0, References: 2

Cvelist
added yesterday, 15 views

CVE-2026-13862

Insufficient policy enforcement in Web Authentication Passkeys & Security Keys in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

Exploits: 0, References: 2

Debian CVE
added yesterday, 4 views

CVE-2026-13862

Insufficient policy enforcement in Web Authentication Passkeys & Security Keys in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

AI score 5.8
Exploits: 0

CVE
added yesterday, 7 views

CVE-2026-13862

Insufficient policy enforcement in Web Authentication Passkeys & Security Keys in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

AI score 5.8
Exploits: 0, References: 2

RedhatCVE
added 2 days ago, 5 views

CVE-2026-13029

A use-after-free flaw was found in the Web Authentication component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=521495992...

CVSS 7.5, AI score 5.7, EPSS 0.00149
Exploits: 0, References: 5

Tenable Nessus
added 3 days ago, 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-13029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to...

CVSS 7.5, AI score 5.8, EPSS 0.00149
Exploits: 0, References: 2

Microsoft CVE
added 4 days ago, 9 views

Chromium: CVE-2026-13029 Use after free in Web Authentication

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 7.5, AI score 5.8, EPSS 0.00149
Exploits: 0

RedHat Linux
added 6 days ago, 4 views

keycloak: org.keycloak/keycloak-services: Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

CVSS 4.3, AI score 5.8, EPSS 0.00392
Exploits: 0, References: 4

OSV
added last week, 3 views

DEBIAN-CVE-2026-13029

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

CVSS 7.5, AI score 5.9, EPSS 0.00149
Exploits: 0, References: 1

NVD
added last week, 9 views

CVE-2026-13029

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

CVSS 7.5, EPSS 0.00149
Exploits: 0, References: 2

Cvelist
added last week, 34 views

CVE-2026-13029

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

EPSS 0.00149
Exploits: 0, References: 2

CVE
added last week, 22 views

CVE-2026-13029

CVE-2026-13029: Use-after-free in Web Authentication for Google Chrome, fixed in or after 149.0.7827.197. Affected component: Web Authentication flow; vulnerability arises when a user is convinced to install a malicious Chrome Extension, potentially enabling heap corruption via a crafted extensio...

CVSS 7.5, AI score 5.9, EPSS 0.00149
Exploits: 0, References: 2, Affected Software: 1

EUVD
added last week, 5 views

EUVD-2026-39043

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

CVSS 7.5, AI score 5.9, EPSS 0.00149
Exploits: 0, References: 2