Total CVEs

145,577

Critical Severity

4,257

High Severity

15,676

Last 7 Days

2,277
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,841 - 23,860 of 41,982 CVEs
CVE-2026-5874 CRITICAL - 9.6

Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5873 HIGH - 8.8

Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5872 HIGH - 8.8

Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5871 HIGH - 8.8

Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5870 HIGH - 8.8

Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5869 MEDIUM - 6.5

Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5868 HIGH - 8.8

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5867 MEDIUM - 6.5

Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5866 HIGH - 8.8

Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5865 HIGH - 8.8

Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5864 MEDIUM - 6.5

Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5863 HIGH - 8.8

Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5862 HIGH - 8.8

Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5861 HIGH - 8.8

Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5860 HIGH - 8.8

Use after free in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5859 HIGH - 8.8

Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5858 HIGH - 8.8

Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Apr 08, 2026
Source: NVD
CVE-2026-5810 LOW - 3.5

A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has bee...

Published: Apr 08, 2026
Source: NVD
CVE-2026-5808 MEDIUM - 4.3

A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae634059330c. This impacts an unknown function of the file apps/dashboard/src/app/(dashboard)/onboarding/client.tsx of the component Onboarding Endpoint. The manipulation of the argument callbackURL results in ...

Published: Apr 08, 2026
Source: NVD
CVE-2026-5806 LOW - 3.5

A security vulnerability has been detected in code-projects Easy Blog Site 1.0. This affects an unknown function of the file /posts/update.php. The manipulation of the argument postTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and ...

Published: Apr 08, 2026
Source: NVD