Total CVEs

145,712

Critical Severity

4,267

High Severity

15,730

Last 7 Days

2,323
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 4,881 - 4,900 of 42,117 CVEs
CVE-2026-13790 MEDIUM - 6.5

Side-channel information leakage in Scroll in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13789 CRITICAL - 9.6

Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13788 HIGH - 8.8

Use after free in Fullscreen in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13787 HIGH - 8.1

Use after free in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13786 HIGH - 8.8

Use after free in Ozone in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13785 CRITICAL - 9.6

Use after free in Bluetooth in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13784 HIGH - 8.8

Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13783 HIGH - 8.8

Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13782 CRITICAL - 10.0

Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13781 CRITICAL - 9.6

Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13780 CRITICAL - 9.6

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13779 HIGH - 8.1

Use after free in Chromoting in Google Chrome on ChromeOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13778 HIGH - 7.8

Use after free in WebUSB in Google Chrome on Mac prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13777 HIGH - 8.8

Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13776 CRITICAL - 9.8

Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13775 CRITICAL - 9.8

Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2026-13774 HIGH - 8.1

Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Critical)

Vendor: Google
Product: Chrome
Published: Jun 30, 2026
Source: NVD
CVE-2025-71381 MEDIUM - 6.5

Hono before 4.10.2 (fixed in 4.10.3) contains a flaw in its CORS middleware: when the origin is not set to "*", the middleware copies the Vary header from the incoming request into the response. Because Vary is a response header that should be managed by the server, an attacker can supply ...

Vendor: Hono
Product: Hono
Published: Jun 30, 2026
Source: NVD
CVE-2025-71374 HIGH - 8.1

picklescan before 0.0.29 fails to detect the built-in python profile.Profile.run function when used in pickle reduce methods, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files that bypass picklescan detection and achieve code execution upon deserializati...

Vendor: picklescan
Product: picklescan
Published: Jun 30, 2026
Source: NVD
CVE-2025-71371 HIGH - 8.1

picklescan before 0.0.29 fails to detect malicious pickle files using code.InteractiveInterpreter.runcode in reduce methods. Attackers can craft pickle payloads that bypass picklescan detection and execute arbitrary code when loaded via pickle.load().

Vendor: picklescan
Product: picklescan
Published: Jun 30, 2026
Source: NVD