Total CVEs

143,746

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,542
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,201 - 1,220 of 1,721 CVEs
CVE-2026-10012 HIGH - 8.3

Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD

Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10010 MEDIUM - 5.0

Inappropriate implementation in Input in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10009 HIGH - 7.5

Integer overflow in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10008 MEDIUM - 6.5

Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10007 HIGH - 8.8

Use after free in SVG in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10006 HIGH - 7.5

Race in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10005 HIGH - 7.5

Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10004 MEDIUM - 6.5

Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10003 HIGH - 7.5

Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10002 HIGH - 8.8

Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10001 HIGH - 8.3

Use after free in PerformanceManager in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD
CVE-2026-10000 HIGH - 8.3

Use after free in Passwords in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: Google
Product: Chrome
Published: May 28, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_typec: Init mutex in Thunderbolt registration cros_typec_register_thunderbolt() missed initializing the `adata->lock` mutex. This leads to a NULL dereference when the mutex is later acquired (e.g. in c...

Vendor: Linux
Product: Linux
Published: May 28, 2026
Source: NVD
CVE-2025-68712 MEDIUM - 5.5

SpSoft AppLock (com.sp.protector.free) 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to consistently enforce authen...

Published: May 27, 2026
Source: NVD

AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interfac...

Published: May 26, 2026
Source: NVD

SailingLab AppLock (aka com.alpha.applock) 4.3.8 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flows - insecure navigation throug...

Published: May 26, 2026
Source: NVD

Easyelife App lock (aka Fingerprint,Applock or locker.app.safe.applocker) 1.9.2 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an overlay rather than by using Android's secure authentication APIs. By navigating cascading interface flo...

Published: May 26, 2026
Source: NVD
CVE-2026-9126 HIGH - 8.8

Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 20, 2026
Source: NVD
CVE-2026-9124 MEDIUM - 5.3

Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: May 20, 2026
Source: NVD