Lucene search
K

703 matches found

NVD
NVD
added 2026/06/30 11:17 p.m.4 views

CVE-2026-14050

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00247EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-13933

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS0.00256EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:39 p.m.11 views

CVE-2026-14050

Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-14050.

6.5CVSS5.8AI score0.00247EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.21 views

CVE-2026-14050

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

0.00247EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:38 p.m.16 views

CVE-2026-13937

CVE-2026-13937 concerns Google Chrome where insufficient policy enforcement in passwords handling within the Chromium-based renderer allowed a remote attacker who had already compromised the renderer to leak cross-origin data via a crafted HTML page. The vulnerability is described in multiple sou...

6.5CVSS5.8AI score0.00288EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.4 views

CVE-2026-13937

Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00288EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/30 1:37 p.m.30 views

CVE-2026-35097 Weak Password Requirements in KTM System e-BOK

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

6.9CVSS0.00249EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/30 1:37 p.m.7 views

CVE-2026-35097 Weak Password Requirements in KTM System e-BOK

KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any alphabetic, special, or extended characters. This issue was fixed in the patch published in June 2026...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54214

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Insufficient policy enforcement in the Passwords component allows a remote attacker who has compromised the renderer process to leak cross-origin data using a crafted HTML page...

9.6CVSS6AI score0.00413EPSS
Exploits0References438
OSV
OSV
added 2026/06/25 6:18 p.m.4 views

GHSA-R4V7-6WCG-GHJ5 FileBrowser: Missing Rate Limiting on Authentication Endpoint Enables Brute Force Attacks

Summary The /api/auth/login endpoint does not implement rate limiting, account lockout, or progressive backoff for repeated authentication failures. As a result, an attacker can perform unlimited login attempts against the endpoint. When combined with the username enumeration timing vulnerability...

6.5CVSS5.9AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.9 views

Important: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.13 Security Update

New Red Hat build of Keycloak 26.4.13 packages are available from the Customer Portal Red Hat build of Keycloak 26.4.13 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security...

8.8CVSS5.9AI score0.00519EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.5 views

keycloak: Keycloak: Denial of Service via malformed LDAP password policy response

A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol LDAP server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password...

4.9CVSS5.8AI score0.00476EPSS
Exploits0References4
NVD
NVD
added 2026/06/20 4:17 p.m.14 views

CVE-2026-56228

Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value e.g., billions of characters as the minimum password length, making compliance...

6.9CVSS0.00272EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 3:24 p.m.23 views

CVE-2026-56228

Capgo before 12.128.2 is vulnerable to improper password policy length validation. An authenticated organization administrator can set an extremely large minimum password length value, causing all users to fail password changes and effectively lock out the organization, resulting in an applicatio...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.10 views

EUVD-2026-38116

Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value e.g., billions of characters as the minimum password length, making compliance...

6.9CVSS5.9AI score0.00272EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.31 views

CVE-2026-56228 Capgo - Denial of Service via Improper Password Policy Length Validation

Capgo before 12.128.2 fails to enforce a maximum value on the minimum password length field in its password policy configuration. An authenticated organization administrator can set an extremely large numeric value e.g., billions of characters as the minimum password length, making compliance...

6.9CVSS0.00272EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 12:34 a.m.8 views

EUVD-2026-38094

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as...

6.9CVSS5.9AI score0.00299EPSS
Exploits0References3
NVD
NVD
added 2026/06/19 10:16 p.m.17 views

CVE-2026-56080

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as...

6.9CVSS0.00299EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 9:39 p.m.21 views

CVE-2026-56080 Cap-go - Authentication Logic Flaw in Enforce Password Policy

Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as...

6.9CVSS0.00299EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 9:39 p.m.16 views

CVE-2026-56080

Capgo before 12.128.2 has an Enforce Password Policy flaw: after a Super Admin enables the policy and sets a compliant password, the backend does not update the password‑compliance state, so the account remains non‑compliant and the system repeatedly prompts for password resets, effectively locki...

6.9CVSS5.9AI score0.00299EPSS
Exploits0References2
Rows per page
Query Builder