Total CVEs

144,294

Critical Severity

4,165

High Severity

14,995

Last 7 Days

1,580
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 22,561 - 22,580 of 40,699 CVEs
CVE-2026-5871 HIGH - 8.8

Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5870 HIGH - 8.8

Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5869 MEDIUM - 6.5

Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5868 HIGH - 8.8

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5867 MEDIUM - 6.5

Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5866 HIGH - 8.8

Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5865 HIGH - 8.8

Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5864 MEDIUM - 6.5

Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5863 HIGH - 8.8

Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5862 HIGH - 8.8

Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5861 HIGH - 8.8

Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5860 HIGH - 8.8

Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5859 HIGH - 8.8

Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5858 HIGH - 8.8

Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5810 LOW - 3.5

A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has bee...

Published: Apr 08, 2026
Source: NVD
CVE-2026-5808 MEDIUM - 4.3

A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae634059330c. This impacts an unknown function of the file apps/dashboard/src/app/(dashboard)/onboarding/client.tsx of the component Onboarding Endpoint. The manipulation of the argument callbackURL results in ...

Published: Apr 08, 2026
Source: NVD
CVE-2026-5806 LOW - 3.5

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and ...

Published: Apr 08, 2026
Source: NVD
CVE-2026-5711 MEDIUM - 6.4

The Post Blocks & Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sliderStyle' block attribute in the Posts Slider block in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. ...

Published: Apr 08, 2026
Source: NVD
CVE-2026-40037 MEDIUM - 6.5

OpenClaw before 2026.3.31 (patched in 2026.4.8) contains a request body replay vulnerability in fetchWithSsrFGuard that allows unsafe request bodies to be resent across cross-origin redirects. Attackers can exploit this by triggering redirects to exfiltrate sensitive request data or headers to unint...

Vendor: OpenClaw
Product: OpenClaw
Published: Apr 08, 2026
Source: NVD
CVE-2026-40036 HIGH - 7.5

Unfurl beforeΒ 2026.04 contains an unbounded zlib decompression vulnerability in parse_compressed.py that allows remote attackers to cause denial of service. Attackers can submit highly compressed payloads via URL parameters to the /json/visjs endpoint that expand to gigabytes, exhausting server memo...

Vendor: obsidianforensics
Product: unfurl
Published: Apr 08, 2026
Source: NVD