Lucene search
K

33 matches found

NVD
NVD
added 2026/06/30 11:17 p.m.7 views

CVE-2026-14081

Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...

6.5CVSS0.00175EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.8 views

CVE-2026-14081

Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. Chromium security severity: Low...

6.5CVSS5.8AI score0.00175EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.4 views

CVE-2026-14003

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00148EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.4 views

CVE-2026-13919

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.7AI score0.00319EPSS
Exploits0
EUVD
EUVD
added 2026/06/24 11:53 a.m.12 views

EUVD-2026-38741

Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the webhook secret and forge valid X-Capgo-Signature headers to send authenticated webhook events to...

7.1CVSS5.9AI score0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/08 11:27 p.m.10 views

CVE-2026-11684

Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

5.5AI score0.00171EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/07 4:38 a.m.19 views

SUSE CVE-2026-11309

Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00132EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 11:6 p.m.36 views

CVE-2026-11282

CVE-2026-11282 affects Google Chrome on Linux. The issue is insufficient policy enforcement in the Sandbox, potentially allowing a sandbox escape via a crafted HTML page on versions prior to 149.0.7827.53. The reported impact is a high-risk security bypass leading to full exposure of the host, wi...

9.6CVSS5.8AI score0.00243EPSS
Exploits0References2Affected Software1
Snyk
Snyk
added 2026/03/16 4:26 p.m.3 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials due to insufficient policy enforcement in the Trusted Platform Module TPM during the disk decryption process. An attacker can gain unauthorized access to encrypted data by physically replacing the ro...

7.6CVSS5.9AI score0.0014EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 6:18 p.m.7 views

CVE-2026-30964

web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowedorigins is configured, CheckAllowedOrigins reduces URL-like values to their host component and...

5.4CVSS0.00197EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.5 views

HCL BigFix Remote Control 安全漏洞

HCL BigFix Remote Control is a remote desktop management platform from HCL India. A security vulnerability exists in HCL BigFix Remote Control version 10.1.0.0326 and prior versions, which stems from improper management of content security policies and could lead to the execution of malicious cod...

6.1CVSS6.9AI score0.00157EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/01 4:13 p.m.5 views

Security Bulletin: IBM Transformation Extender Advanced, also known as Standards Processing Engine, does not have strong passwords by default

Summary IBM Transformation Extender Advanced, also known as IBM Standards Processing Engine, does not require that users should have strong passwords by default. Vulnerability Details CVEID:CVE-2023-49883 DESCRIPTION: IBM Standards Processing Engine does not require that users should have strong...

7.5CVSS6.5AI score0.00255EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2025/09/12 4:2 p.m.13 views

CVE-2025-10320 iteachyou Dreamer CMS updatePwd weak password

A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. This issue affects some unknown processing of the file /admin/user/updatePwd. Performing manipulation results in weak password requirements. Remote exploitation of the attack is possible. A high degree of complexity is needed fo...

3.1CVSS0.0022EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.4 views

PT-2024-72: Weakness of password policy in Password Pusher

The vulnerability was identified in Password Pusher versions prior to 1.49.0. The application allows users to set weak and easily bruteforced passwords. The discovered vulnerability allows attackers to bruteforce the password and gain access to the application with privileges of the corresponding...

6.9CVSS6.6AI score0.00522EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2023/03/21 12:0 a.m.3 views

PT-2023-14726 · Bofei · Bofei Dbd+ Application

Name of the Vulnerable Software and Affected Versions: BOFEI DBD+ Application for IOS & Android version 1.4.4 Description: An insecure password reset issue was discovered in the BOFEI DBD+ Application for IOS & Android service due to an insecure expiry mechanism. Recommendations: For version 1.4....

9.8CVSS9.2AI score0.00771EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/03/07 12:0 a.m.4 views

Google Chrome 安全漏洞

Google Chrome is a web browser from Google Inc. in the United States. A security vulnerability exists in Google Chrome version 111.0.5563.64, which stems from a weak policy enforcement issue in the Extensions API component. An attacker who persuades users to install malicious extensions is allowe...

4.3CVSS7AI score0.00332EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 4:10 a.m.3 views

SUSE CVE-2019-13746

Insufficient policy enforcement in Omnibox in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML page...

6.5CVSS6.5AI score0.0136EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:2 a.m.3 views

SUSE CVE-2020-6471

Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension...

9.6CVSS8.1AI score0.014EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:56 a.m.4 views

SUSE CVE-2020-15973

Insufficient policy enforcement in extensions in Google Chrome prior to 86.0.4240.75 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension...

6.5CVSS6.9AI score0.01016EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:38 a.m.5 views

SUSE CVE-2021-38019

Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS6.8AI score0.00831EPSS
Exploits0References7
Rows per page
Query Builder