Lucene search
K

205 matches found

CVE
CVE
added 5 days ago9 views

CVE-2026-56359

n8n prior to 2.8.0 contains a cross-site scripting vulnerability in the credential management flow. Authenticated users can inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields, enabling crafted credentials to cause the victim, who clicks the OAuth authorization button...

5.4CVSS5.9AI score0.00141EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42257

n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow where authenticated users can inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields. Attackers can craft malicious credentials and trick victims into clicking the OAuth...

5.4CVSS5.9AI score0.00141EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-56359 n8n - Cross-Site Scripting in Credential Management OAuth2 Authorization URL

n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow where authenticated users can inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields. Attackers can craft malicious credentials and trick victims into clicking the OAuth...

5.4CVSS0.00141EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40744

Inappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40682

Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.0019EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-13994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a...

4.3CVSS6.2AI score0.0019EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

DEBIAN-CVE-2026-14057

Inappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-14057

Inappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00181EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.4 views

DEBIAN-CVE-2026-13994

Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.0019EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-13994

Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.22 views

CVE-2026-14057

Inappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

0.00181EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:39 p.m.108 views

CVE-2026-14057

CVE-2026-14057 affects Google Chrome where an inappropriate FedCM implementation allows a remote attacker to bypass the same-origin policy via a crafted HTML page. Affected versions are Chrome before 150.0.7871.47; the vulnerability stems from the FedCM component’s incorrect handling, enabling cr...

4.3CVSS5.8AI score0.00181EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.4 views

CVE-2026-14057

Inappropriate implementation in FedCM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00181EPSS
Exploits0
CVE
CVE
added 2026/06/30 10:38 p.m.65 views

CVE-2026-13994

CVE-2026-13994 describes an issue in Google Chrome on Android related to Credential Management: an inappropriate implementation allows a remote attacker to perform UI spoofing via a crafted HTML page. The vulnerability affects Chrome versions prior to 150.0.7871.47 (Chromium security severity: Me...

4.3CVSS5.8AI score0.0019EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.4 views

CVE-2026-13994

Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.0019EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.26 views

CVE-2026-13994

Inappropriate implementation in Credential Management in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

0.0019EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 5:16 p.m.10 views

CVE-2026-58377

JeecgBoot through 3.9.2 contains a broken access control vulnerability that allows authenticated low-privilege users to perform full create, read, update, and delete operations on OpenAPI credentials by accessing the OpenApiAuthController and OpenApiPermissionController endpoints which lack Shiro...

8.6CVSS0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 3:59 p.m.36 views

CVE-2026-58377 JeecgBoot 3.9.2 - Missing Authorization on OpenAPI Credential Management Endpoints Exposes Access/Secret Keys

JeecgBoot through 3.9.2 contains a broken access control vulnerability that allows authenticated low-privilege users to perform full create, read, update, and delete operations on OpenAPI credentials by accessing the OpenApiAuthController and OpenApiPermissionController endpoints which lack Shiro...

8.6CVSS0.00263EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.4 views

PT-2026-54270

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An inappropriate implementation in Credential Management allows a remote attacker to perform UI spoofing via a crafted HTML page. UI spoofing is a technique where an attacker...

9.8CVSS6AI score0.00413EPSS
Exploits0References445
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.7 views

PT-2026-54332

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the Federated Credential Management FedCM API allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts...

9.8CVSS6AI score0.00413EPSS
Exploits0References448
Rows per page
Query Builder