CVE Database

108856+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-10907
8.8 HIGH

Out of bounds write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML …

Jun 4, 2026
CVE-2026-10906
7.5 HIGH

Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures …

Jun 4, 2026
CVE-2026-10905
8.3 HIGH

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 4, 2026
CVE-2026-10904
8.8 HIGH

Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jun 4, 2026
CVE-2026-10903
8.8 HIGH

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 4, 2026
CVE-2026-10902
8.8 HIGH

Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium …

Jun 4, 2026
CVE-2026-10901
7.5 HIGH

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific …

Jun 4, 2026
CVE-2026-10900
7.5 HIGH

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific …

Jun 4, 2026
CVE-2026-10899
7.5 HIGH

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific …

Jun 4, 2026
CVE-2026-10898
8.3 HIGH

Stack buffer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 4, 2026
CVE-2026-10897
8.8 HIGH

Inappropriate implementation in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. …

Jun 4, 2026
CVE-2026-10896
8.8 HIGH

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a …

Jun 4, 2026
CVE-2026-10895
8.8 HIGH

Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium …

Jun 4, 2026
CVE-2026-10894
8.3 HIGH

Use after free in Printing in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 4, 2026
CVE-2026-10893
8.8 HIGH

Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security …

Jun 4, 2026
CVE-2026-10892
9.6 CRITICAL

Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via …

Jun 4, 2026
CVE-2026-10891
8.8 HIGH

Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 4, 2026
CVE-2026-10890
8.8 HIGH

Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit heap corruption via …

Jun 4, 2026
CVE-2026-10889
8.3 HIGH

Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 4, 2026
CVE-2026-10888
8.8 HIGH

Use after free in Cast Streaming in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via …

Jun 4, 2026
CVE-2026-10887
8.1 HIGH

Use after free in Chromoting in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. …

Jun 4, 2026
CVE-2026-10886
9.6 CRITICAL

Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Jun 4, 2026
CVE-2026-10885
8.8 HIGH

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a …

Jun 4, 2026
CVE-2026-10884
8.3 HIGH

Use after free in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 4, 2026
CVE-2026-10883
8.8 HIGH

Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Jun 4, 2026
CVE-2026-10882
8.8 HIGH

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium …

Jun 4, 2026
CVE-2026-10881
9.6 CRITICAL

Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via …

Jun 4, 2026
CVE-2026-10875
6.3 MEDIUM

A security flaw has been discovered in projectworlds Online Art Gallery Shop Project 1.0. The impacted element is an unknown function of the file /admin/adminHome.ph. …

Jun 4, 2026
CVE-2026-10874
6.3 MEDIUM

A vulnerability was identified in projectworlds Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation …

Jun 4, 2026
CVE-2026-10873
7.2 HIGH

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats_path of the file /bin/rstats of the component Web UI. Executing a manipulation …

Jun 4, 2026
CVE-2026-10872
7.2 HIGH

A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function start_vpnserver of the file /sbin/rc of the component Web UI. Performing a …

Jun 4, 2026
CVE-2025-8873
7.5 HIGH

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control …

Jun 4, 2026
CVE-2024-27892
9.6 CRITICAL

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in …

Jun 4, 2026
CVE-2024-27891
5.3 MEDIUM

On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets …

Jun 4, 2026
CVE-2024-27890
9.6 CRITICAL

Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in …

Jun 4, 2026
CVE-2023-5502
5.9 MEDIUM

On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a …

Jun 4, 2026
CVE-2026-42547
5.4 MEDIUM

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for …

Jun 4, 2026
CVE-2026-42543
4.3 MEDIUM

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request …

Jun 4, 2026
CVE-2026-42540
4.3 MEDIUM

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values …

Jun 4, 2026
CVE-2026-42539
6.5 MEDIUM

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user …

Jun 4, 2026
CVE-2026-11322
6.5 MEDIUM

Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files …

Jun 4, 2026
CVE-2026-10871
7.2 HIGH

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such …

Jun 4, 2026
CVE-2024-6858
6.5 MEDIUM

In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device …

Jun 4, 2026
CVE-2026-5066
6.3 MEDIUM

A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_store() …

Jun 4, 2026
CVE-2026-42538
6.3 MEDIUM

IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. …

Jun 4, 2026
CVE-2026-42329
4.7 MEDIUM

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker …

Jun 4, 2026
CVE-2026-10870
7.2 HIGH

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation …

Jun 4, 2026
CVE-2026-5589
6.3 MEDIUM

An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is enabled, the function parses solicitation …

Jun 4, 2026
CVE-2026-41522

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint …

Jun 4, 2026
CVE-2026-41518
7.6 HIGH

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through …

Jun 4, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.