Lucene search
K

482 matches found

CVE
CVE
added 4 days ago12 views

CVE-2026-55377

Technical details about CVE-2026-55377 are not publicly available in the provided documents. Monitor for updates.

8.1CVSS6.1AI score0.00259EPSS
Exploits0References4
OSV
OSV
added 4 days ago2 views

CVE-2026-55377 Logto: Account Center MFA management step-up bypass via WebAuthn registration verification

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, Logto's Account Center step-up check accepted any active verification record that belonged to the current user and had isVerified === true. A WebAuthn registration verification record for binding a new...

8.1CVSS6.1AI score0.00259EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/07/06 4:28 p.m.21 views

Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure

Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig. The vulnerability in question is CVE-2026-20896 CVSS score: 9.8, a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header...

9.8CVSS7.2AI score0.00783EPSS
Exploits4
Snyk
Snyk
added 2026/07/03 10:20 p.m.4 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass due to the default configuration of REVERSEPROXYTRUSTEDPROXIES allowing all sources. An attacker can gain unauthorized access by sending spoofed reverse-proxy authentication headers such as X-WEBAUTH-USER...

9.8CVSS7.4AI score0.00783EPSS
Exploits4References2
Cvelist
Cvelist
added 2026/07/01 6:0 a.m.41 views

CVE-2026-11883 WebAuthn Provider for Two Factor < 2.5.6 - 2FA Bypass

The WebAuthn Provider for Two Factor WordPress plugin before 2.5.6 does not correctly validate the second-factor authentication response, allowing an attacker who already knows a user's password to bypass the two-factor authentication requirement by submitting a malformed request...

0.00365EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 3:33 a.m.41 views

CVE-2026-7839 UltraVNC repeater ships hardcoded default admin password allowing unauthenticated admin access

UltraVNC repeater through 1.8.2.2 initializes the HTTP administration server with a hardcoded default password. In repeater/webgui/settings.c:197, when settings2.txt is absent on first run the repeater writes the literal string "adminadmi2" as the admin password via strcpyssavedpassword, 64,...

9.1CVSS0.00374EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.9 views

EUVD-2026-40575

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00296EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.13 views

PT-2026-54479

Name of the Vulnerable Software and Affected Versions UltraVNC repeater versions prior to 1.8.2.3 Description An off-by-one error exists in the Base64 decode helper used for HTTP Basic authentication. The wi uudecode function in the file repeater/webgui/webutils.c uses a strict greater-than...

3.7CVSS6.1AI score0.00388EPSS
Exploits0References6
OSV
OSV
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-14074

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00276EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-13889

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00296EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-13862

Insufficient policy enforcement in Web Authentication Passkeys & Security Keys in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-13862

Insufficient policy enforcement in Web Authentication Passkeys & Security Keys in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS0.00238EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.5 views

CVE-2026-14074

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00276EPSS
Exploits0
CVE
CVE
added 2026/06/30 10:39 p.m.19 views

CVE-2026-14074

Google Chrome on iOS prior to 150.0.7871.47 is affected by a side-channel information leakage in WebAuthentication that can leak cross-origin data via a crafted HTML page. The issue affects Chrome’s WebAuthentication component; the public references place a Low severity (CVSS 3.1: 6.5, MEDIUM) an...

6.5CVSS5.8AI score0.00276EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.24 views

CVE-2026-14074

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

0.00276EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.24 views

CVE-2026-13889

Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

0.00296EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:38 p.m.19 views

CVE-2026-13862

CVE-2026-13862 affects Google Chrome on iOS (prior to 150.0.7871.47). The issue is insufficient policy enforcement in Web Authentication (Passkeys & Security Keys), allowing a privileged-network attacker to exfiltrate cross-origin data via a crafted HTML page. The vulnerability is described acros...

6.5CVSS5.8AI score0.00238EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.9 views

CVE-2026-13862

Insufficient policy enforcement in Web Authentication Passkeys & Security Keys in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00238EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.30 views

CVE-2026-13862

Insufficient policy enforcement in Web Authentication Passkeys & Security Keys in Google Chrome on iOS prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54166

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Side-channel information leakage in WebAuthentication allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Side-channel information leakage...

9.6CVSS6AI score0.00413EPSS
Exploits0References446
Rows per page
Query Builder