CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-11663
8.3 HIGH

Use after free in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 9, 2026
CVE-2026-11662
8.8 HIGH

Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jun 9, 2026
CVE-2026-11661
8.3 HIGH

Use after free in Views in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 9, 2026
CVE-2026-11660
8.3 HIGH

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process …

Jun 9, 2026
CVE-2026-11659
9.6 CRITICAL

Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted …

Jun 9, 2026
CVE-2026-11658
6.5 MEDIUM

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass …

Jun 9, 2026
CVE-2026-11657
8.8 HIGH

Use after free in Payments in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML …

Jun 9, 2026
CVE-2026-11656
8.3 HIGH

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension to potentially …

Jun 9, 2026
CVE-2026-11655
8.3 HIGH

Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 9, 2026
CVE-2026-11654
9.6 CRITICAL

Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a …

Jun 9, 2026
CVE-2026-11653
6.5 MEDIUM

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via …

Jun 9, 2026
CVE-2026-11652
8.3 HIGH

Use after free in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 9, 2026
CVE-2026-11651
9.6 CRITICAL

Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 9, 2026
CVE-2026-11650
8.8 HIGH

Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 9, 2026
CVE-2026-11649
8.8 HIGH

Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 9, 2026
CVE-2026-11648
8.8 HIGH

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 9, 2026
CVE-2026-11647
8.3 HIGH

Use after free in Printing in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 9, 2026
CVE-2026-11646
8.8 HIGH

Use after free in ViewTransitions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 9, 2026
CVE-2026-11645
8.8 HIGH KEV

Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox …

Jun 9, 2026
CVE-2026-11644
7.5 HIGH

Use after free in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension …

Jun 9, 2026
CVE-2026-11643
8.1 HIGH

Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security …

Jun 9, 2026
CVE-2026-11642
8.3 HIGH

Use after free in Web Apps in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 9, 2026
CVE-2026-11641
7.5 HIGH

Use after free in Bluetooth in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific …

Jun 9, 2026
CVE-2026-11640
8.3 HIGH

Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox …

Jun 9, 2026
CVE-2026-11639
7.5 HIGH

Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML …

Jun 9, 2026
CVE-2026-11638
9.6 CRITICAL

Use after free in Printing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jun 9, 2026
CVE-2026-11637
8.8 HIGH

Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML …

Jun 9, 2026
CVE-2026-11636
7.5 HIGH

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific …

Jun 9, 2026
CVE-2026-11635
8.3 HIGH

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 9, 2026
CVE-2026-11634
9.6 CRITICAL

Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a …

Jun 9, 2026
CVE-2026-11633
8.8 HIGH

Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral. …

Jun 9, 2026
CVE-2026-11632
7.5 HIGH

Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures …

Jun 9, 2026
CVE-2026-11631
8.3 HIGH

Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 9, 2026
CVE-2026-11630
8.8 HIGH

Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML …

Jun 9, 2026
CVE-2026-11629
8.8 HIGH

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Jun 9, 2026
CVE-2026-11628
6.8 MEDIUM

Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the …

Jun 9, 2026
CVE-2026-9669

bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted input could …

Jun 8, 2026
CVE-2026-44541

Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description …

Jun 8, 2026
CVE-2026-40215

A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory …

Jun 8, 2026
CVE-2026-11585
6.3 MEDIUM

A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the argument …

Jun 8, 2026
CVE-2026-49141
7.1 HIGH

WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to …

Jun 8, 2026
CVE-2026-47345

Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.

Jun 8, 2026
CVE-2026-47344

When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent …

Jun 8, 2026
CVE-2026-46484
8.1 HIGH

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in …

Jun 8, 2026
CVE-2026-40519
7.5 HIGH

Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins() …

Jun 8, 2026
CVE-2026-35058

Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal …

Jun 8, 2026
CVE-2026-11584
6.3 MEDIUM

A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument …

Jun 8, 2026
CVE-2026-11583
6.3 MEDIUM

A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the …

Jun 8, 2026
CVE-2026-11582
7.3 HIGH

A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a …

Jun 8, 2026
CVE-2026-52778
9.8 CRITICAL

YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of …

Jun 8, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.