CWE-693

Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

550 vulnerabilities with CWE-693
CVE-2026-8014 MEDIUM
Google Chrome < 148.0.7778.96 - Cross-Origin Data Leak via Preload Implementation
CVSS 4.3
CVE-2026-8011 MEDIUM
Google Chrome < 148.0.7778.96 - Cross-Origin Data Leak via Search Policy Enforcement
CVSS 4.3
CVE-2026-8009 MEDIUM
Google Chrome < 148.0.7778.96 - Navigation Restriction Bypass via Cast
CVSS 5.0
CVE-2026-8004 MEDIUM
Google Chrome < 148.0.7778.96 - Insufficient Policy Enforcement in DevTools
CVSS 4.3
CVE-2026-7978 HIGH
Google Chrome < 148.0.7778.96 - OS-Level Privilege Escalation via Companion
CVSS 8.1
CVE-2026-7963 HIGH
Google Chrome < 148.0.7778.96 - Sandbox Escape via ServiceWorker
CVSS 8.3
CVE-2026-7959 LOW
Google Chrome - Site Isolation Bypass
CVSS 3.1
CVE-2026-7952 MEDIUM
Google Chrome < 148.0.7778.96 - Insufficient Policy Enforcement in Extensions
CVSS 4.2
CVE-2026-7946 MEDIUM
Google Chrome - Site Isolation Bypass
CVSS 4.3
CVE-2026-7937 LOW
Google Chrome < 148.0.7778.96 - Insufficient Policy Enforcement in DevTools
CVSS 3.1
CVE-2026-7932 MEDIUM
Google Chrome < 148.0.7778.96 - Insufficient Policy Enforcement in Downloads
CVSS 4.4
CVE-2026-7913 HIGH
Google Chrome < 148.0.7778.96 - Privilege Escalation via DevTools Policy Enforcement
CVSS 7.8
CVE-2026-7909 LOW
Google Chrome < 148.0.7778.96 - Site Isolation Bypass via ServiceWorker
CVSS 3.1
CVE-2026-26956 CRITICAL
vm2: WASM Sandbox Escape (Node 25 only)
CVSS 9.8
CVE-2026-26332 CRITICAL
vm2: Sandbox Escape
CVSS 9.8
CVE-2026-24781 CRITICAL
vm2: Sandbox Breakout Through Inspect
CVSS 9.8
CVE-2026-24120 CRITICAL
vm2: Sandbox Breakout Through Promise Species
CVSS 9.8
CVE-2026-24118 CRITICAL
VM2 Sandbox Breakout Through __lookupGetter__
CVSS 9.8
CVE-2026-41316 HIGH
ERB def_module/def_method/def_class - Deserialization Guard Bypass
CVSS 8.1
CVE-2026-41469 MEDIUM
Beghelli Sicuro24 SicuroWeb Missing Content Security Policy
CVSS 5.2
CVE-2026-22753 HIGH
Servlet Path Not Correctly Included in Path Matching of HttpSecurity#securityMatchers
CVSS 7.5
CVE-2026-22013 MEDIUM
Oracle Java SE 8u481 - Memory Corruption
CVSS 5.3
CVE-2026-40604 MEDIUM
ClearanceKit: opfilter system extension can be suspended or signalled by a root process, disabling file-access policy enforcement
CVSS 4.4
CVE-2026-6774 MEDIUM
Mitigation bypass in the DOM: Security component
CVSS 5.4
CVE-2026-6763 MEDIUM
Mitigation bypass in the File Handling component
CVSS 6.5
Details
Vulnerabilities 550
Links
MITRE CWE Entry Search this CWE With Exploits