Total CVEs

143,749

Critical Severity

4,091

High Severity

14,758

Last 7 Days

1,535
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 1,301 - 1,320 of 1,721 CVEs
CVE-2026-8522 HIGH - 8.8

Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8521 HIGH - 7.5

Use after free in Tab Groups in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8520 HIGH - 8.3

Race in Payments in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8519 HIGH - 8.8

Integer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8518 HIGH - 8.8

Use after free in Blink in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8517 HIGH - 8.8

Object lifecycle issue in WebShare in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8516 MEDIUM - 5.3

Insufficient validation of untrusted input in DataTransfer in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: C...

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8515 HIGH - 8.3

Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8514 HIGH - 8.3

Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8513 HIGH - 8.3

Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8512 HIGH - 8.3

Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8511 CRITICAL - 9.6

Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8510 HIGH - 7.5

Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD
CVE-2026-8509 HIGH - 8.8

Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: May 14, 2026
Source: NVD

Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative pri...

Published: May 13, 2026
Source: NVD

An improper certificate validation vulnerability in the Prisma Access Agent® for Android and Chrome OS enables an attacker to perform a man-in-the-middle (MitM) attack to intercept VPN traffic. By presenting a certificate for any domain issued by a trusted Certificate Authority, the attacker can cap...

Published: May 13, 2026
Source: NVD

A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. This allows the user to execute arbitrary code and r...

Published: May 13, 2026
Source: NVD

Multiple information disclosure vulnerabilities in Prisma Access Agent® allow a local user to access sensitive configuration data and credentials. The Prisma Access Agent on Linux, ChromeOS, Android, and iOS are not affected.

Published: May 13, 2026
Source: NVD
CVE-2026-42177 MEDIUM - 5.3

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome...

Vendor: siemens
Product: linux-entra-sso
Published: May 12, 2026
Source: NVD
CVE-2026-6402 MEDIUM - 5.3

webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix relied on the Sec-Fetch-Mode and Sec-Fetch-Site request headers, which browsers omit for non-trustwort...

Vendor: npm
Product: webpack-dev-server
Published: May 12, 2026
Source: NVD