Total CVEs

138,196

Critical Severity

3,545

High Severity

12,691

Last 7 Days

1,956
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 2,321 - 2,340 of 12,388 CVEs
CVE-2026-9887 HIGH - 8.8

Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9885 HIGH - 8.3

Insufficient validation of untrusted input in UI in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9884 HIGH - 8.8

Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9883 HIGH - 8.8

Use after free in Base in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9880 HIGH - 8.3

Insufficient validation of untrusted input in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9879 HIGH - 8.8

Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9878 HIGH - 8.8

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9877 HIGH - 8.3

Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-9873 HIGH - 8.8

Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 28, 2026
Source: NVD
CVE-2026-5343 HIGH - 7.4

Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.4.

Vendor: miniorange
Product: saml_sso_-_service_provider
Published: May 28, 2026
Source: NVD
CVE-2026-10022 HIGH - 8.8

Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10021 HIGH - 8.8

Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10020 HIGH - 8.3

Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10019 HIGH - 8.8

Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10017 HIGH - 8.3

Out of bounds read in Headless in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10016 HIGH - 8.8

Use after free in DOM in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10015 HIGH - 8.8

Integer overflow in WTF in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10014 HIGH - 8.3

Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10013 HIGH - 8.8

Use after free in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10012 HIGH - 8.3

Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD