Lucene search
K

476 matches found

NVD
NVD
added 2026/06/05 12:17 a.m.10 views

CVE-2026-11244

Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

3.1CVSS0.00207EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 12:17 a.m.5 views

DEBIAN-CVE-2026-11244

Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

3.1CVSS5.5AI score0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/04 11:3 p.m.8 views

CVE-2026-10906

Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00326EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 11:3 p.m.19 views

CVE-2026-10906

CVE-2026-10906 : Use-after-free in WebAuthentication of Google Chrome before 149.0.7827.53 allows a remote attacker, user must engage in specific UI gestures, potentially leading to heap corruption via a crafted HTML page. Affected component: WebAuthentication in Chrome/Chromium stack. Root cause...

7.5CVSS5.8AI score0.00326EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/04 11:3 p.m.8 views

CVE-2026-10906

Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

7.5CVSS5.5AI score0.00326EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.9 views

PT-2026-46790

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Insufficient policy enforcement in WebAuthentication allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page...

9.6CVSS5.8AI score0.00493EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.8 views

PT-2026-46771

Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00207EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/20 11:23 a.m.12 views

keycloak: org.keycloak.authentication: Keycloak: Unauthorized account takeover via WebAuthn token replay

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

6.8CVSS5.8AI score0.0044EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementations of WebAuthentication in Google Chrome prior to version 96.0.4664.45 allowed a remote attacker to leak cross-origin data through a crafted HTML page...

6.5CVSS6.6AI score0.00856EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 12:31 p.m.10 views

Keycloak: Unauthorized account takeover via WebAuthn token replay

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

6.8CVSS5.8AI score0.0044EPSS
Exploits0References9Affected Software1
NVD
NVD
added 2026/05/19 12:16 p.m.14 views

CVE-2026-37982

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

6.8CVSS0.0044EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/19 10:52 a.m.7 views

CVE-2026-37982

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

6.8CVSS5.8AI score0.0044EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/19 10:52 a.m.8 views

CVE-2026-37982 Keycloak: org.keycloak.authentication: keycloak: unauthorized account takeover via webauthn token replay

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

6.8CVSS5.8AI score0.0044EPSS
Exploits0References4
CVE
CVE
added 2026/05/19 10:52 a.m.43 views

CVE-2026-37982

Keycloak contains an authentication vulnerability (CVE-2026-37982) where an attacker can replay ExecuteActionsActionToken tokens in the WebAuthn flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim’s account, enabling unauthorized enrol...

6.8CVSS5.8AI score0.0044EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/19 10:52 a.m.17 views

EUVD-2026-30886

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

6.8CVSS5.8AI score0.0044EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/19 10:52 a.m.11 views

CVE-2026-37982

A flaw was found in Keycloak. This authentication vulnerability allows a remote attacker to replay ExecuteActionsActionToken tokens within Keycloak's WebAuthn Web Authentication flow. By intercepting an execute-actions email link, an attacker can register their own authenticator to a victim's...

6.8CVSS5.8AI score0.0044EPSS
Exploits0References3
OSV
OSV
added 2026/05/19 9:31 a.m.7 views

GHSA-G8VR-X4QH-25QG Keycloak: Policy bypass during WebAuthn credential registration via client-side JavaScript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

4.3CVSS5.7AI score0.00392EPSS
Exploits0References12
NVD
NVD
added 2026/05/19 7:16 a.m.16 views

CVE-2026-8830

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

4.3CVSS0.00392EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/19 6:4 a.m.12 views

CVE-2026-8830 Keycloak: org.keycloak/keycloak-services: keycloak: policy bypass during webauthn credential registration via client-side javascript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

4.3CVSS5.8AI score0.00392EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/19 6:4 a.m.50 views

CVE-2026-8830 Keycloak: org.keycloak/keycloak-services: keycloak: policy bypass during webauthn credential registration via client-side javascript manipulation

A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side processAction fails to validate that the newly created credential's parameters, such as public key...

4.3CVSS0.00392EPSS
Exploits0References6
Rows per page
Query Builder