CWE-693

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

550 vulnerabilities with CWE-693
CVE-2026-9116 MEDIUM
Google Chrome < 148.0.7778.179 - Cross-Origin Data Leak via ServiceWorker Policy Bypass
CVSS 4.3
CVE-2026-9115 MEDIUM
Google Chrome < 148.0.7778.179 - Same Origin Policy Bypass via Service Worker
CVSS 4.3
CVE-2026-24425 HIGH
Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface
CVSS 8.8
CVE-2026-8969 HIGH
Mitigation bypass in the DOM: Security component
CVSS 8.1
CVE-2026-8962 HIGH
Mitigation bypass in the DOM: Security component
CVSS 8.1
CVE-2026-8959 CRITICAL
Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component
CVSS 9.6
CVE-2026-8958 HIGH
Information disclosure, sandbox escape in the Security: Process Sandboxing component
CVSS 8.6
CVE-2026-8945 HIGH
Sandbox escape in Firefox and Firefox Focus for Android
CVSS 7.5
CVE-2026-8585 HIGH
Google Chrome < 148.0.7778.168 on iOS - Out of Bounds Memory Read in Media
CVSS 7.5
CVE-2026-8583 MEDIUM
Google Chrome < 148.0.7778.168 - Insufficient Policy Enforcement in WebXR
CVSS 5.3
CVE-2026-8572 LOW
Google Chrome < 148.0.7778.168 - Cross-Origin Data Leak via Network Policy Enforcement
CVSS 3.1
CVE-2026-8571 HIGH
Google Chrome < 148.0.7778.168 - Sandbox Escape via GPU Policy Enforcement Bypass
CVSS 8.3
CVE-2026-8568 LOW
Google Chrome <148.0.7778.168 - Site Isolation Bypass
CVSS 3.1
CVE-2026-8563 MEDIUM
Google Chrome < 148.0.7778.168 - Navigation Restriction Bypass via IFrame Sandbox Policy Enforcement
CVSS 4.3
CVE-2026-22707 MEDIUM
Strapi Upload Plugin MIME Validation Bypass via Content API
CVSS 5.4
CVE-2026-30904 LOW
Zoom Workplace < 7.0.0 - Authenticated Information Disclosure via Physical Access
CVSS 1.8
CVE-2026-44003 MEDIUM
vm2: Transformer Fast-Path Bypass Exposes Internal State Variable
CVSS 5.3
CVE-2026-44000 MEDIUM
vm2: sandbox boundary bypass via host Promise resolution preserving host object identity
CVSS 6.5
CVE-2026-45227 HIGH
Heym < 0.0.21 Sandbox Escape via Python Introspection
CVSS 8.8
CVE-2026-8401 CRITICAL
Firefox < 150.0.3 - Sandbox Escape via Profile Backup Component
CVSS 9.8
CVE-2026-43660 HIGH
iOS and iPadOS < 18.7.9 and < 26.5 - Content Security Policy Bypass via Malicious Web Content
CVSS 7.5
CVE-2026-28914 MEDIUM
Apple macOS <26.5 - Gatekeeper Bypass
CVSS 5.5
CVE-2026-42261 HIGH
PromptHub: Authenticated SSRF via IPv6 filter bypass in `POST /api/skills/fetch-remote`
CVSS 7.1
CVE-2026-41900 HIGH
OpenLearnX has Critical Remote Code Execution Through Python Sandbox Escape via Code Execution Environment
CVSS 8.8
CVE-2026-8018 HIGH
Google Chrome < 148.0.7778.96 - Sandbox Escape via DevTools Policy Enforcement
CVSS 8.1
Details
Vulnerabilities 550
Links
MITRE CWE Entry Search this CWE With Exploits