Total CVEs

144,714

Critical Severity

4,191

High Severity

15,264

Last 7 Days

1,884
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 21,521 - 21,540 of 41,119 CVEs
CVE-2026-6306 HIGH - 8.8

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6305 HIGH - 8.8

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6304 HIGH - 8.3

Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6303 HIGH - 8.8

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6302 HIGH - 8.8

Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6301 HIGH - 8.8

Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6300 HIGH - 8.8

Use after free in CSS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6299 HIGH - 8.8

Use after free in Prerender in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6298 MEDIUM - 4.3

Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6297 HIGH - 8.3

Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6296 CRITICAL - 9.6

Heap buffer overflow in ANGLE in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-40919 MEDIUM - 6.1

A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service (DoS), leading to the plugin crashing and potentia...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Apr 15, 2026
Source: NVD
CVE-2026-40918 MEDIUM - 5.5

A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted PV...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Apr 15, 2026
Source: NVD
CVE-2026-40917 MEDIUM - 5.0

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that proce...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Apr 15, 2026
Source: NVD
CVE-2026-40916 MEDIUM - 5.0

A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a variable...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Apr 15, 2026
Source: NVD
CVE-2026-40915 MEDIUM - 5.5

A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-byte memory allocation, which is then subjected to a heap buffer overflow when processing pixel data....

Vendor: Red Hat
Product: Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: Apr 15, 2026
Source: NVD
CVE-2026-39857 MEDIUM - 5.3

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the choices and counts query parameters of the REST API, where these query builders execute MongoDB distinct() operations that bypass the publicApiProjection ...

Vendor: apostrophecms
Product: apostrophe
Published: Apr 15, 2026
Source: NVD
CVE-2026-35569 HIGH - 8.7

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields (SEO Title and Meta Description), where user-controlled input is rendered without proper output encoding into HTML contexts including...

Vendor: apostrophecms
Product: apostrophe
Published: Apr 15, 2026
Source: NVD
CVE-2026-33889 MEDIUM - 5.4

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in the @apostrophecms/color-field module, where color values prefixed with -- bypass TinyColor validation intended for CSS custom properties, and the laund...

Vendor: apostrophecms
Product: apostrophe
Published: Apr 15, 2026
Source: NVD
CVE-2026-33888 MEDIUM - 5.3

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain an authorization bypass vulnerability in the getRestQuery method of the @apostrophecms/piece-type module, where the method checks whether a MongoDB projection has already been set before applying the...

Vendor: apostrophecms
Product: apostrophe
Published: Apr 15, 2026
Source: NVD