Total CVEs

145,459

Critical Severity

4,246

High Severity

15,641

Last 7 Days

2,342
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 22,241 - 22,260 of 41,864 CVEs
CVE-2026-40186 MEDIUM - 6.1

ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses allowedTags enforcement for text inside nonTextTagsArray elements (textarea and option). Apostrophe...

Vendor: apostrophecms
Product: apostrophe, sanitize-html
Published: Apr 15, 2026
Source: NVD
CVE-2026-40173 CRITICAL - 9.4

Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line includ...

Vendor: dgraph-io
Product: dgraph
Published: Apr 15, 2026
Source: NVD
CVE-2026-22676 HIGH - 7.8

Barracuda RMM versions prior toΒ 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place attacker...

Vendor: Barracuda Networks
Product: RMM
Published: Apr 15, 2026
Source: NVD
CVE-2026-6385 MEDIUM - 6.5

A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability is caused by a signed integer overflow in the DVD subtitle parser's fragment reassembly bounds ch...

Published: Apr 15, 2026
Source: NVD
CVE-2026-6384 HIGH - 7.3

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execu...

Published: Apr 15, 2026
Source: NVD
CVE-2026-6364 MEDIUM - 6.5

Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6363 HIGH - 8.8

Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6362 MEDIUM - 6.3

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6361 HIGH - 7.2

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6360 HIGH - 8.8

Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6359 HIGH - 8.8

Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6358 HIGH - 8.8

Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6319 HIGH - 7.5

Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6318 HIGH - 8.8

Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6317 HIGH - 8.8

Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6316 HIGH - 8.8

Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6315 HIGH - 8.8

Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6314 HIGH - 8.3

Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6313 LOW - 3.1

Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD
CVE-2026-6312 LOW - 3.1

Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 15, 2026
Source: NVD