28 matches found
CVE-2026-11684
Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-11309
Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11282
CVE-2026-11282 affects Google Chrome on Linux. The issue is insufficient policy enforcement in the Sandbox, potentially allowing a sandbox escape via a crafted HTML page on versions prior to 149.0.7827.53. The reported impact is a high-risk security bypass leading to full exposure of the host, wi...
Insufficiently Protected Credentials
Overview: Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to insufficient policy enforcement in the Trusted Platform Module (TPM) during the disk decryption process. An attacker can gain unauthorized access to encrypted data by physically replacing the ro...
CVE-2026-30964
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowedorigins is configured, CheckAllowedOrigins reduces URL-like values to their host component and...
HCL BigFix Remote Control security vulnerability
HCL BigFix Remote Control is a remote desktop management platform from HCL India. A security vulnerability exists in HCL BigFix Remote Control version 10.1.0.0326 and prior versions, which stems from improper management of content security policies and could lead to the execution of malicious cod...
Security Bulletin: IBM Transformation Extender Advanced, also known as Standards Processing Engine, does not have strong passwords by default
Summary: IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, does not require that users should have strong passwords by default. Vulnerability Details: CVEID: CVE-2023-49883. DESCRIPTION: IBM Standards Processing Engine does not require that users should have strong...
CVE-2025-10320 iteachyou Dreamer CMS updatePwd weak password
A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. This issue affects some unknown processing of the file /admin/user/updatePwd. Performing manipulation results in weak password requirements. Remote exploitation of the attack is possible. A high degree of complexity is needed fo...
PT-2024-72: Weakness of password policy in Password Pusher
The vulnerability was identified in Password Pusher versions prior to 1.49.0. The application allows users to set weak and easily bruteforced passwords. The discovered vulnerability allows attackers to bruteforce the password and gain access to the application with privileges of the corresponding...
PT-2023-14726 · Bofei · Bofei Dbd+ Application
Name of the Vulnerable Software and Affected Versions: BOFEI DBD+ Application for IOS & Android version 1.4.4 Description: An insecure password reset issue was discovered in the BOFEI DBD+ Application for IOS & Android service due to an insecure expiry mechanism. Recommendations: For version 1.4....
Google Chrome security vulnerability
Google Chrome is a web browser from Google Inc. in the United States. A security vulnerability exists in Google Chrome version 111.0.5563.64, which stems from a weak policy enforcement issue in the Extensions API component. An attacker who persuades users to install malicious extensions is allowe...
SUSE CVE-2019-13746
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
SUSE CVE-2020-6471
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...
SUSE CVE-2020-15973
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension...
SUSE CVE-2021-38019
Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
SUSE CVE-2022-1873
Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
SUSE CVE-2022-3054
Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Weak policy at Change password function
Description: We can register a normal account with = 8 characters password. But we can change password with just 1 character when we use change password function. Proof of Concept: https://drive.google.com/file/d/1D-IDqrMiaBGLnZaZY9L3u-S4u-MoGxPc/view?usp=sharing...
AZL-6508 CVE-2021-44225 affecting package keepalived for versions less than 2.2.7-1
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable writable property...
The vulnerability of the Synergia operating system, related to weaknesses in password policies, allows attackers to obtain user passwords by force.
The vulnerability of the Synergia operating system is related to weaknesses in the password policy. Exploiting this vulnerability could allow a perpetrator to obtain user passwords by force...