Total CVEs

143,226

Critical Severity

4,056

High Severity

14,605

Last 7 Days

1,268
Quick preset (or use dates below)
Clear Filters
Showing 461 - 480 of 2,375 CVEs
CVE-2026-13774 HIGH - 8.1

Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13283 HIGH - 7.5

Use after free in AdFilter in Google Chrome on Android prior to 149.0.7827.201 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 25, 2026
Source: NVD
CVE-2026-13282 MEDIUM - 6.8

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 25, 2026
Source: NVD
CVE-2026-13281 HIGH - 8.3

Integer overflow in Mojo in Google Chrome prior to 149.0.7827.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 25, 2026
Source: NVD

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan Note's kernel HTTP server unconditionally trusts all chrome-extension:// origins, granting RoleAdministrator access to every installed browser extension without any authentication. Combined with the default em...

Vendor: siyuan-note
Product: siyuan
Published: Jun 24, 2026
Source: NVD
CVE-2026-53766 MEDIUM - 6.1

Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath() enforces workspace roots by checking whether path.resolve(filePath) textually falls under one of the configured root paths. path.resol...

Vendor: ChromeDevTools
Product: chrome-devtools-mcp
Published: Jun 24, 2026
Source: NVD
CVE-2026-13038 HIGH - 8.8

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 24, 2026
Source: NVD
CVE-2026-13037 HIGH - 7.8

Use after free in WebView in Google Chrome on Android prior to 149.0.7827.197 allowed a local attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 24, 2026
Source: NVD
CVE-2026-13036 HIGH - 8.8

Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 24, 2026
Source: NVD
CVE-2026-13035 HIGH - 8.8

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 24, 2026
Source: NVD
CVE-2026-13034 MEDIUM - 4.7

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 24, 2026
Source: NVD
CVE-2026-13033 HIGH - 8.8

Out of bounds read and write in Blink>InterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 24, 2026
Source: NVD
CVE-2026-13032 CRITICAL - 9.6

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 24, 2026
Source: NVD
CVE-2026-13031 HIGH - 8.8

Use after free in Blink in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 24, 2026
Source: NVD
CVE-2026-13030 MEDIUM - 5.3

Uninitialized Use in GPU in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 24, 2026
Source: NVD
CVE-2026-13029 HIGH - 7.5

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 24, 2026
Source: NVD
CVE-2026-13028 CRITICAL - 9.6

Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 24, 2026
Source: NVD
CVE-2026-13027 HIGH - 8.8

Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 24, 2026
Source: NVD
CVE-2026-13026 HIGH - 8.8

Use after free in Digital Credentials in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 24, 2026
Source: NVD
CVE-2026-13025 HIGH - 8.3

Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 24, 2026
Source: NVD