Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,531
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,621 - 1,640 of 1,721 CVEs
CVE-2026-4455 HIGH - 8.8

Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4454 HIGH - 8.8

Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4453 MEDIUM - 4.3

Integer overflow in Dawn in Google Chrome on Mac prior to 146.0.7680.153 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4452 HIGH - 8.8

Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4451 HIGH - 8.8

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4450 HIGH - 8.8

Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4449 HIGH - 8.8

Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4448 HIGH - 8.8

Heap buffer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4447 HIGH - 8.8

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4446 HIGH - 8.8

Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4445 HIGH - 8.8

Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4444 HIGH - 8.8

Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4443 HIGH - 8.8

Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4442 HIGH - 8.8

Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4441 HIGH - 8.8

Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4440 HIGH - 8.8

Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-4439 HIGH - 8.8

Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

Vendor: google
Product: chrome
Published: Mar 20, 2026
Source: NVD
CVE-2026-33081 MEDIUM - 5.8

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below have a Blind SSRF vulnerability in the /download endpoint. The validateDownloadURL() function only checks the initial user-supplied URL, but the embedded Chromium browser can foll...

Vendor: go
Product: github.com/pinchtab/pinchtab
Published: Mar 18, 2026
Source: GitHub
CVE-2026-22174 MEDIUM - 5.7

OpenClaw versions prior to 2026.2.22 inject the x-OpenClaw-relay-token header into Chrome CDP probe traffic on loopback interfaces, allowing local processes to capture the Gateway authentication token. An attacker controlling a loopback port can intercept CDP reachability probes to the /json/version...

Vendor: OpenClaw
Product: OpenClaw
Published: Mar 18, 2026
Source: NVD
CVE-2026-32617 HIGH - 7.1

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, On default installations where no password or API key has been configured, all HTTP endpoints and the agent WebSocket lack authentication, and the server...

Vendor: Mintplex-Labs
Product: anything-llm
Published: Mar 16, 2026
Source: NVD