Total CVEs

145,521

Critical Severity

4,252

High Severity

15,657

Last 7 Days

2,299
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,741 - 23,760 of 41,926 CVEs
CVE-2025-12664 HIGH - 7.5

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries.

Vendor: GitLab
Product: GitLab
Published: Apr 08, 2026
Source: NVD
CVE-2026-5919 MEDIUM - 6.5

Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5918 MEDIUM - 4.3

Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5915 HIGH - 8.1

Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5914 HIGH - 8.8

Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5913 HIGH - 8.1

Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5912 HIGH - 8.8

Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5911 MEDIUM - 4.3

Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5910 HIGH - 8.8

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5909 HIGH - 8.8

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5908 HIGH - 8.8

Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5907 HIGH - 8.1

Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5906 MEDIUM - 4.3

Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5905 MEDIUM - 6.5

Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5904 HIGH - 8.8

Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5903 MEDIUM - 6.5

Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5902 CRITICAL - 9.8

Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5901 MEDIUM - 6.5

Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5900 MEDIUM - 4.3

Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5899 MEDIUM - 6.1

Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD