33 matches found
CVE-2026-14081
Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-14081
Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...
CVE-2026-14003
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2026-13919
Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-38741
Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to...
CVE-2026-11684
Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-11309
Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11282
CVE-2026-11282 affects Google Chrome on Linux. The issue is insufficient policy enforcement in the Sandbox, potentially allowing a sandbox escape via a crafted HTML page on versions prior to 149.0.7827.53. The reported impact is a high-risk security bypass leading to full exposure of the host, wi...
Insufficiently Protected Credentials
Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to insufficient policy enforcement in the Trusted Platform Module TPM during the disk decryption process. An attacker can gain unauthorized access to encrypted data by physically replacing the ro...
CVE-2026-30964
web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowedorigins is configured, CheckAllowedOrigins reduces URL-like values to their host component and...
HCL BigFix Remote Control 安全漏洞
HCL BigFix Remote Control is a remote desktop management platform from HCL India. A security vulnerability exists in HCL BigFix Remote Control version 10.1.0.0326 and prior versions, which stems from improper management of content security policies and could lead to the execution of malicious cod...
Security Bulletin: IBM Transformation Extender Advanced, also known as Standards Processing Engine, does not have strong passwords by default
Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, does not require that users should have strong passwords by default. Vulnerability Details CVEID:CVE-2023-49883 DESCRIPTION: IBM Standards Processing Engine does not require that users should have strong...
CVE-2025-10320 iteachyou Dreamer CMS updatePwd weak password
A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. This issue affects some unknown processing of the file /admin/user/updatePwd. Performing manipulation results in weak password requirements. Remote exploitation of the attack is possible. A high degree of complexity is needed fo...
PT-2024-72: Weakness of password policy in Password Pusher
The vulnerability was identified in Password Pusher versions prior to 1.49.0. The application allows users to set weak and easily bruteforced passwords. The discovered vulnerability allows attackers to bruteforce the password and gain access to the application with privileges of the corresponding...
PT-2023-14726 · Bofei · Bofei Dbd+ Application
Name of the Vulnerable Software and Affected Versions: BOFEI DBD+ Application for IOS & Android version 1.4.4 Description: An insecure password reset issue was discovered in the BOFEI DBD+ Application for IOS & Android service due to an insecure expiry mechanism. Recommendations: For version 1.4....
Google Chrome 安全漏洞
Google Chrome is a web browser from Google Inc. in the United States. A security vulnerability exists in Google Chrome version 111.0.5563.64, which stems from a weak policy enforcement issue in the Extensions API component. An attacker who persuades users to install malicious extensions is allowe...
SUSE CVE-2019-13746
Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...
SUSE CVE-2020-6471
Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...
SUSE CVE-2020-15973
Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension...
SUSE CVE-2021-38019
Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page...