Lucene search
K

5860 matches found

Cvelist
Cvelist
added yesterday21 views

CVE-2026-54431 Improper Data Validation in liboauth2

In liboauth2 the Demonstrating Proof-of-Possession DPoP verifier accepts a proof whose JSON Web Key jwk header contains private key material. RFC 9449 section 4.3 step 7 requires the verifier to reject such a proof but oauth2tokenverify function returns success for a malformed DPoP proof that...

5.1CVSS
Exploits0References3
CVE
CVE
added yesterday10 views

CVE-2026-54431

CVE-2026-54431 affects the liboauth2 DPoP verifier. The bug allows a DPoP proof whose JWK header embeds private key material to be accepted, violating RFC 9449 section 4.3 step 7, because the function oauth2_token_verify() returns success for a malformed DPoP proof that embeds the private EC key ...

5.1CVSS5.8AI score
Exploits0References3
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-40650

Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.0022EPSS
Exploits0References3
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-40494

Insufficient data validation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. Chromium security severity: High...

4.6CVSS5.8AI score0.00134EPSS
Exploits0References3
OSV
OSV
added 3 days ago2 views

DEBIAN-CVE-2026-14118

Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References1
NVD
NVD
added 3 days ago5 views

CVE-2026-14118

Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00232EPSS
Exploits0References2
NVD
NVD
added 3 days ago4 views

CVE-2026-13976

Insufficient data validation in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8CVSS0.00168EPSS
Exploits0References2
OSV
OSV
added 3 days ago2 views

DEBIAN-CVE-2026-13962

Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.0022EPSS
Exploits0References1
OSV
OSV
added 3 days ago2 views

DEBIAN-CVE-2026-13808

Insufficient data validation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. Chromium security severity: High...

4.6CVSS5.8AI score0.00134EPSS
Exploits0References1
NVD
NVD
added 3 days ago5 views

CVE-2026-13808

Insufficient data validation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via physical access to the device. Chromium security severity: High...

4.6CVSS0.00134EPSS
Exploits0References2
Debian CVE
Debian CVE
added 3 days ago4 views

CVE-2026-14118

Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00232EPSS
Exploits0
Cvelist
Cvelist
added 3 days ago20 views

CVE-2026-14118

Insufficient data validation in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

0.00232EPSS
Exploits0References2
CVE
CVE
added 3 days ago6 views

CVE-2026-14118

Chrome DevTools in Google Chrome suffers from insufficient data validation , allowing a remote attacker to leak cross-origin data if a user is coerced into specific UI gestures on a crafted HTML page. Affected versions are prior to 150.0.7871.47 . Mitigation: upgrade to 150.0.7871.47 or later. CV...

6.5CVSS5.8AI score0.00232EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 3 days ago3 views

CVE-2026-14100

Insufficient data validation in NetworkCache in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00229EPSS
Exploits0
Cvelist
Cvelist
added 3 days ago21 views

CVE-2026-14100

Insufficient data validation in NetworkCache in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

0.00229EPSS
Exploits0References2
Debian CVE
Debian CVE
added 3 days ago3 views

CVE-2026-13976

Insufficient data validation in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.8CVSS5.8AI score0.00168EPSS
Exploits0
CVE
CVE
added 3 days ago9 views

CVE-2026-13962

CVE-2026-13962 affects Google Chrome (Chromium-based) prior to 150.0.7871.47. The issue is insufficient data validation in PDF handling within the renderer process, allowing a remote attacker who has already compromised the renderer to bypass navigation restrictions via a crafted HTML page. The o...

6.5CVSS5.8AI score0.0022EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 3 days ago3 views

CVE-2026-13962

Insufficient data validation in PDF in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.0022EPSS
Exploits0
CVE
CVE
added 3 days ago10 views

CVE-2026-13808

Chrome for iOS (Google Chrome on iOS) prior to version 150.0.7871.47 is affected by insufficient data validation that could allow a local attacker to read potentially sensitive information from process memory with physical device access. The issue is addressed in the Chrome 150/151 stable updates...

4.6CVSS5.8AI score0.00134EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 1:1 p.m.31 views

CVE-2026-42390 ZONEMD validation can be bypassed

An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation...

5.3CVSS0.00213EPSS
Exploits0References1
Rows per page
Query Builder