Total CVEs

143,835

Critical Severity

4,094

High Severity

14,788

Last 7 Days

1,443
Quick preset (or use dates below)
Clear Filters
Showing 1,601 - 1,620 of 2,377 CVEs
CVE-2026-33620 MEDIUM - 4.3

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab `v0.7.8` through `v0.8.3` accepted the API token from a `token` URL query parameter in addition to the `Authorization` header. When a valid API credential is sent in the URL, it can be exposed th...

Vendor: go
Product: github.com/pinchtab/pinchtab
Published: Mar 24, 2026
Source: GitHub
CVE-2026-33619 MEDIUM - 4.1

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. PinchTab v0.8.3 contains a server-side request forgery issue in the optional scheduler's webhook delivery path. When a task is submitted to `POST /tasks` with a user-controlled `callbackUrl`, the v0....

Vendor: go
Product: github.com/pinchtab/pinchtab
Published: Mar 24, 2026
Source: GitHub
CVE-2026-4680 HIGH - 8.8

Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD
CVE-2026-4679 HIGH - 8.8

Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD
CVE-2026-4678 HIGH - 8.8

Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD
CVE-2026-4677 HIGH - 8.8

Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD
CVE-2026-4676 HIGH - 8.8

Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD
CVE-2026-4675 HIGH - 8.8

Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD
CVE-2026-4674 HIGH - 8.8

Out of bounds read in CSS in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD
CVE-2026-4673 HIGH - 8.8

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 24, 2026
Source: NVD

An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes ma...

Published: Mar 23, 2026
Source: NVD
CVE-2026-4464 HIGH - 8.8

Integer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4463 HIGH - 8.8

Heap buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4462 HIGH - 8.8

Out of bounds read in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4461 HIGH - 8.8

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4460 HIGH - 8.8

Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4459 HIGH - 8.8

Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4458 HIGH - 8.8

Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4457 HIGH - 8.8

Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4456 HIGH - 8.8

Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD