405 matches found
CVE-2026-11244
An insufficient validation of untrusted input flaw was found in the WebAuthentication component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497609145...
Chromium: CVE-2026-11244 Insufficient validation of untrusted input in WebAuthentication
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-10906 Use after free in WebAuthentication
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
EUVD-2026-34355
Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
DEBIAN-CVE-2026-11244
Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11244
Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
CVE-2026-10906
CVE-2026-10906 : Use-after-free in WebAuthentication of Google Chrome before 149.0.7827.53 allows a remote attacker, user must engage in specific UI gestures, potentially leading to heap corruption via a crafted HTML page. Affected component: WebAuthentication in Chrome/Chromium stack. Root cause...
CVE-2026-10906
Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2026-10906
Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
PT-2026-46790
Insufficient policy enforcement in WebAuthentication in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
PT-2026-46771
Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
keycloak: org.keycloak.authentication: Keycloak: Unauthorized account takeover via WebAuthn token replay
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...
Astra Linux - уязвимость в chromium
Inappropriate implementations of WebAuthentication in Google Chrome prior to version 96.0.4664.45 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux - уязвимость в chromium
Before version 91.0.4472.77, using WebAuthentication in Google Chrome on Android allowed a remote attacker who had compromised the renderer process of a user who had saved a credit card in their Google account to potentially exploit heap corruption through a crafted HTML page...
Keycloak: Unauthorized account takeover via WebAuthn token replay
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...
CVE-2026-37982
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...
CVE-2026-37982 Keycloak: org.keycloak.authentication: keycloak: unauthorized account takeover via webauthn token replay
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...
CVE-2026-37982
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...
EUVD-2026-30886
A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...
CVE-2026-37982
Keycloak contains an authentication vulnerability (CVE-2026-37982) where an attacker can replay ExecuteActionsActionToken tokens in the WebAuthn flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim’s account, enabling unauthorized enrol...