Total CVEs

143,768

Critical Severity

4,091

High Severity

14,768

Last 7 Days

1,518
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,581 - 1,600 of 1,721 CVEs
CVE-2026-5288 CRITICAL - 9.6

Use after free in WebView in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5287 MEDIUM - 6.3

Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5286 HIGH - 8.8

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5285 MEDIUM - 6.3

Use after free in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5284 HIGH - 7.5

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5283 HIGH - 7.4

Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5282 HIGH - 8.1

Out of bounds read in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5281 HIGH - 8.8

Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5280 MEDIUM - 6.3

Use after free in WebCodecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5279 MEDIUM - 6.3

Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5278 HIGH - 8.8

Use after free in Web MIDI in Google Chrome on Android prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5277 HIGH - 7.5

Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5276 MEDIUM - 6.5

Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5275 HIGH - 8.8

Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5274 HIGH - 8.8

Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5273 MEDIUM - 6.3

Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-5272 HIGH - 8.8

Heap buffer overflow in GPU in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Apr 01, 2026
Source: NVD
CVE-2026-33621 MEDIUM - 4.8

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.7` through `v0.8.4` contain incomplete request-throttling protections for auth-checkable endpoints. In `v0.7.7` through `v0.8.3`, a fully implemented `RateLimitMiddleware` existed in `inter...

Vendor: go
Product: github.com/pinchtab/pinchtab
Published: Mar 24, 2026
Source: GitHub
CVE-2026-33623 MEDIUM - 6.7

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.4` contains a Windows-only command injection issue in the orphaned Chrome cleanup path. When an instance is stopped, the Windows cleanup routine builds a PowerShell `-Command` string using ...

Vendor: go
Product: github.com/pinchtab/pinchtab/cmd/pinchtab
Published: Mar 24, 2026
Source: GitHub
CVE-2026-33622 MEDIUM - 8.8

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.8.3` through `v0.8.5` allow arbitrary JavaScript execution through `POST /wait` and `POST /tabs/{id}/wait` when the request uses `fn` mode, even if `security.allowEvaluate` is disabled. `POST...

Vendor: go
Product: github.com/pinchtab/pinchtab/cmd/pinchtab
Published: Mar 24, 2026
Source: GitHub