CVE Database

109356+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-8013
4.3 MEDIUM

Insufficient validation of untrusted input in FedCM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML …

May 6, 2026
CVE-2026-8012
5.4 MEDIUM

Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or …

May 6, 2026
CVE-2026-8011
4.3 MEDIUM

Insufficient policy enforcement in Search in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium …

May 6, 2026
CVE-2026-8010
6.3 MEDIUM

Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass …

May 6, 2026
CVE-2026-8009
5.0 MEDIUM

Inappropriate implementation in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via …

May 6, 2026
CVE-2026-8008
5.4 MEDIUM

Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI …

May 6, 2026
CVE-2026-8007
7.5 HIGH

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform …

May 6, 2026
CVE-2026-8006
5.4 MEDIUM

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform …

May 6, 2026
CVE-2026-8005
4.3 MEDIUM

Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed an attacker on the local network segment to bypass same origin …

May 6, 2026
CVE-2026-8004
4.3 MEDIUM

Insufficient policy enforcement in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to leak …

May 6, 2026
CVE-2026-8003
5.4 MEDIUM

Insufficient validation of untrusted input in TabGroups in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform UI spoofing via malicious network traffic. …

May 6, 2026
CVE-2026-8002
8.8 HIGH

Use after free in Audio in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via …

May 6, 2026
CVE-2026-8001
8.3 HIGH

Use After Free in Printing in Google Chrome on Linux, Mac, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process …

May 6, 2026
CVE-2026-8000
8.8 HIGH

Insufficient validation of untrusted input in ChromeDriver in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code via a …

May 6, 2026
CVE-2026-7999
4.3 MEDIUM

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted …

May 6, 2026
CVE-2026-7998
5.4 MEDIUM

Insufficient validation of untrusted input in Dialog in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform …

May 6, 2026
CVE-2026-7997
7.8 HIGH

Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via …

May 6, 2026
CVE-2026-7996
4.2 MEDIUM

Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform …

May 6, 2026
CVE-2026-7995
8.8 HIGH

Out of bounds read in AdFilter in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a …

May 6, 2026
CVE-2026-7994
7.8 HIGH

Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. …

May 6, 2026
CVE-2026-7993
4.2 MEDIUM

Insufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process …

May 6, 2026
CVE-2026-7992
8.8 HIGH

Insufficient validation of untrusted input in UI in Google Chrome on Linux, ChromeOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to …

May 6, 2026
CVE-2026-7991
8.8 HIGH

Use after free in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code …

May 6, 2026
CVE-2026-7990
7.8 HIGH

Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via …

May 6, 2026
CVE-2026-7989
4.2 MEDIUM

Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write …

May 6, 2026
CVE-2026-7988
8.8 HIGH

Type Confusion in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

May 6, 2026
CVE-2026-7987
8.8 HIGH

Use after free in WebRTC in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

May 6, 2026
CVE-2026-7986
4.3 MEDIUM

Insufficient policy enforcement in Autofill in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium …

May 6, 2026
CVE-2026-7985
8.3 HIGH

Use after free in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a …

May 6, 2026
CVE-2026-7984
8.8 HIGH

Use after free in ReadingMode in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to execute arbitrary code …

May 6, 2026
CVE-2026-7983
4.3 MEDIUM

Out of bounds read in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. …

May 6, 2026
CVE-2026-7982
6.5 MEDIUM

Uninitialized Use in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted …

May 6, 2026
CVE-2026-7981
8.1 HIGH

Out of bounds read in Codecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via …

May 6, 2026
CVE-2026-7980
8.8 HIGH

Use after free in WebAudio in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

May 6, 2026
CVE-2026-7979
4.3 MEDIUM

Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security …

May 6, 2026
CVE-2026-7978
8.1 HIGH

Inappropriate implementation in Companion in Google Chrome on Mac prior to 148.0.7778.96 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. …

May 6, 2026
CVE-2026-7977
6.3 MEDIUM

Inappropriate implementation in Canvas in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium …

May 6, 2026
CVE-2026-7976
7.5 HIGH

Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute …

May 6, 2026
CVE-2026-7975
8.3 HIGH

Use after free in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a …

May 6, 2026
CVE-2026-7974
8.8 HIGH

Use after free in Blink in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

May 6, 2026
CVE-2026-7973
8.8 HIGH

Integer overflow in Dawn in Google Chrome on Windows prior to 148.0.7778.96 allowed a remote attacker to potentially perform a sandbox escape via a crafted …

May 6, 2026
CVE-2026-7972
4.3 MEDIUM

Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via …

May 6, 2026
CVE-2026-7971
6.3 MEDIUM

Inappropriate implementation in ORB in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security …

May 6, 2026
CVE-2026-7970
8.3 HIGH

Use after free in TopChrome in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a …

May 6, 2026
CVE-2026-7969
4.3 MEDIUM

Integer overflow in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass same origin policy …

May 6, 2026
CVE-2026-7968
3.1 LOW

Insufficient validation of untrusted input in CORS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass …

May 6, 2026
CVE-2026-7967
8.3 HIGH

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially …

May 6, 2026
CVE-2026-7966
3.1 LOW

Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass …

May 6, 2026
CVE-2026-7965
3.1 LOW

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak …

May 6, 2026
CVE-2026-7964
4.2 MEDIUM

Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform …

May 6, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.