CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-11248
8.8 HIGH

Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium …

Jun 5, 2026
CVE-2026-11247
3.1 LOW

Insufficient policy enforcement in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML …

Jun 5, 2026
CVE-2026-11246
5.3 MEDIUM

Insufficient validation of untrusted input in IndexedDB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass …

Jun 5, 2026
CVE-2026-11245
4.3 MEDIUM

Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security …

Jun 5, 2026
CVE-2026-11244
3.1 LOW

Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass …

Jun 5, 2026
CVE-2026-11243
5.4 MEDIUM

Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security …

Jun 5, 2026
CVE-2026-11242
7.5 HIGH

Insufficient validation of untrusted input in Plugins in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak …

Jun 5, 2026
CVE-2026-11241
8.0 HIGH

Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation …

Jun 5, 2026
CVE-2026-11240
3.1 LOW

Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass …

Jun 5, 2026
CVE-2026-11239
7.5 HIGH

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via …

Jun 5, 2026
CVE-2026-11238
5.9 MEDIUM

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially …

Jun 5, 2026
CVE-2026-10878
6.3 MEDIUM

A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results …

Jun 5, 2026
CVE-2026-10877
7.3 HIGH

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php …

Jun 5, 2026
CVE-2026-10876
6.3 MEDIUM

A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of …

Jun 5, 2026
CVE-2026-10586
7.2 HIGH

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up …

Jun 5, 2026
CVE-2026-48579
9.1 CRITICAL

Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.

Jun 4, 2026
CVE-2026-48567
10.0 CRITICAL

Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.

Jun 4, 2026
CVE-2026-47655
6.5 MEDIUM

Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network.

Jun 4, 2026
CVE-2026-47644
6.5 MEDIUM

Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information …

Jun 4, 2026
CVE-2026-45497
7.7 HIGH

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.

Jun 4, 2026
CVE-2026-42824
6.5 MEDIUM

Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network.

Jun 4, 2026
CVE-2026-20245
7.8 HIGH KEV

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, …

Jun 4, 2026
CVE-2026-11237
8.3 HIGH

Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform …

Jun 4, 2026
CVE-2026-11236
8.3 HIGH

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 4, 2026
CVE-2026-11235
8.8 HIGH

Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code …

Jun 4, 2026
CVE-2026-11234
4.3 MEDIUM

Inappropriate implementation in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via …

Jun 4, 2026
CVE-2026-11233
4.7 MEDIUM

Insufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin …

Jun 4, 2026
CVE-2026-11232
5.4 MEDIUM

Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: …

Jun 4, 2026
CVE-2026-11231
8.1 HIGH

Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a malicious file. …

Jun 4, 2026
CVE-2026-11230
8.8 HIGH

Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 4, 2026
CVE-2026-11229
6.1 MEDIUM

Inappropriate implementation in Enterprise in Google Chrome prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via physical access to the device. (Chromium …

Jun 4, 2026
CVE-2026-11228
4.3 MEDIUM

Inappropriate implementation in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures …

Jun 4, 2026
CVE-2026-11227
6.5 MEDIUM

Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain …

Jun 4, 2026
CVE-2026-11226
6.5 MEDIUM

Insufficient policy enforcement in PreviewTab in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific …

Jun 4, 2026
CVE-2026-11225
6.5 MEDIUM

Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security …

Jun 4, 2026
CVE-2026-11224
8.1 HIGH

Use after free in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. …

Jun 4, 2026
CVE-2026-11223
6.5 MEDIUM

Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass …

Jun 4, 2026
CVE-2026-11222
6.5 MEDIUM

Incorrect security UI in Tab Strip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted HTML page. …

Jun 4, 2026
CVE-2026-11221
4.3 MEDIUM

Insufficient validation of untrusted input in PointerLock in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform …

Jun 4, 2026
CVE-2026-11220
6.5 MEDIUM

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass …

Jun 4, 2026
CVE-2026-11219
4.3 MEDIUM

Inappropriate implementation in Navigation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security …

Jun 4, 2026
CVE-2026-11218
6.8 MEDIUM

Inappropriate implementation in PlatformIntegration in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI …

Jun 4, 2026
CVE-2026-11217
6.5 MEDIUM

Inappropriate implementation in Fenced Frames in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation …

Jun 4, 2026
CVE-2026-11216
4.3 MEDIUM

Incorrect security UI in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI …

Jun 4, 2026
CVE-2026-11215
6.5 MEDIUM

Inappropriate implementation in Cronet in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. …

Jun 4, 2026
CVE-2026-11214
6.5 MEDIUM

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted …

Jun 4, 2026
CVE-2026-11213
9.6 CRITICAL

Insufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to …

Jun 4, 2026
CVE-2026-11212
4.3 MEDIUM

Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak …

Jun 4, 2026
CVE-2026-11211
8.8 HIGH

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jun 4, 2026
CVE-2026-11210
6.5 MEDIUM

Inappropriate implementation in Safe Browsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted RAR file. …

Jun 4, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.