CWE-693

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

550 vulnerabilities with CWE-693
CVE-2026-11264 MEDIUM
Google Chrome < 149.0.7827.53 - Content Security Policy Bypass via Crafted HTML Page
CVSS 4.3
CVE-2026-11263 MEDIUM
Google Chrome < 149.0.7827.53 - Insufficient Policy Enforcement in WebAuthentication
CVSS 6.5
CVE-2026-11260 MEDIUM
Google Chrome < 149.0.7827.53 - Content Security Policy Bypass via Crafted HTML Page
CVSS 4.3
CVE-2026-11248 HIGH
Google Chrome < 149.0.7827.53 - Navigation Restriction Bypass via Crafted HTML Page
CVSS 8.8
CVE-2026-11247 LOW
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via CustomTabs
CVSS 3.1
CVE-2026-11234 MEDIUM
Google Chrome < 149.0.7827.53 - Site Isolation Bypass via FoldableAPIs
CVSS 4.3
CVE-2026-11219 MEDIUM
Google Chrome < 149.0.7827.53 - Navigation Restriction Bypass via Crafted HTML Page
CVSS 4.3
CVE-2026-11206 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via ServiceWorker Policy Enforcement
CVSS 6.5
CVE-2026-11174 MEDIUM
Google Chrome < 149.0.7827.53 - Site Isolation Bypass via Crafted HTML Page
CVSS 5.3
CVE-2026-11170 HIGH
Google Chrome - Privilege Escalation
CVSS 8.1
CVE-2026-10950 MEDIUM
Google Chrome < 149.0.7827.53 - Insufficient Policy Enforcement in Autofill
CVSS 6.5
CVE-2026-10944 MEDIUM
Google Chrome < 149.0.7827.53 - Cross-Origin Data Leak via Autofill Policy Bypass
CVSS 6.5
CVE-2026-0097 HIGH
Google Android - Protection Mechanism Failure
CVSS 8.0
CVE-2026-0087 HIGH
DomainVerificationService.java - Local Privilege Escalation via Logic Error in approvalLevelForDomainInternal
CVSS 7.8
CVE-2026-0077 HIGH
Android 16-qpr2 ActivityRecord - Background Activity Launch Privilege Escalation
CVSS 7.8
CVE-2026-0045 HIGH
bta_jv_act.cc - Local Privilege Escalation via Logic Error in bta_jv_rfcomm_connect
CVSS 7.8
CVE-2026-10174 MEDIUM
Aider-AI Aider Pre-commit Hook args.py protection mechanism
CVSS 6.3
CVE-2026-45697 CRITICAL
Formie: Pre-authenticated server-side template injection in Hidden fields
CVSS 9.8
CVE-2026-49325 MEDIUM
Indian Scout Bobber 2025 WCM voltage-based shutdown
CVSS 4.6
CVE-2026-49316 MEDIUM
Indian Scout Bobber 2025 WCM CAN bus-off attack silently bypasses anti-theft shutdown
CVSS 4.6
CVE-2026-47676 MEDIUM
Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths
CVSS 5.3
CVE-2026-48792 MEDIUM
pam_usb: pusb_has_virtual_input_device() silently discards EACCES, disabling remote desktop detection under non-root execution
CVSS 4.4
CVE-2026-45102 CRITICAL
OneUptime: RCE due to Node.js' vm module escape via error objects and infinite recursion
CVSS 9.9
CVE-2026-44451 CRITICAL
Lumiverse: TSX component sandbox escape via DOM ref and string-split identifier bypass
CVSS 9.3
CVE-2026-44071 LOW
Netatalk 3.1.2-4.4.2 - Denial of Service via Missing FORTIFY_SOURCE Protection
CVSS 3.7