CVE Database

110702+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-7357
7.5 HIGH

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially exploit heap …

Apr 28, 2026
CVE-2026-7356
8.8 HIGH

Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium …

Apr 28, 2026
CVE-2026-7355
8.8 HIGH

Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Apr 28, 2026
CVE-2026-7354
8.8 HIGH

Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via …

Apr 28, 2026
CVE-2026-7353
8.3 HIGH

Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Apr 28, 2026
CVE-2026-7352
8.3 HIGH

Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially …

Apr 28, 2026
CVE-2026-7351
3.1 LOW

Race in MHTML in Google Chrome prior to 147.0.7727.138 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data …

Apr 28, 2026
CVE-2026-7350
8.3 HIGH

Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Apr 28, 2026
CVE-2026-7349
7.5 HIGH

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to execute arbitrary code inside a …

Apr 28, 2026
CVE-2026-7348
8.8 HIGH

Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Apr 28, 2026
CVE-2026-7347
8.1 HIGH

Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security …

Apr 28, 2026
CVE-2026-7346
8.1 HIGH

Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML …

Apr 28, 2026
CVE-2026-7345
8.3 HIGH

Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially …

Apr 28, 2026
CVE-2026-7344
8.8 HIGH

Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially …

Apr 28, 2026
CVE-2026-7343
7.5 HIGH

Use after free in Views in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially …

Apr 28, 2026
CVE-2026-7342
8.8 HIGH

Use after free in WebView in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via …

Apr 28, 2026
CVE-2026-7341
8.8 HIGH

Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Apr 28, 2026
CVE-2026-7340
4.3 MEDIUM

Integer overflow in ANGLE in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker to perform an out of bounds memory read via …

Apr 28, 2026
CVE-2026-7339
8.8 HIGH

Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. …

Apr 28, 2026
CVE-2026-7338
7.5 HIGH

Use after free in Cast in Google Chrome prior to 147.0.7727.138 allowed an attacker on the local network segment to potentially exploit heap corruption via …

Apr 28, 2026
CVE-2026-7337
8.8 HIGH

Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Apr 28, 2026
CVE-2026-7336
8.8 HIGH

Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Apr 28, 2026
CVE-2026-7335
8.8 HIGH

Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Apr 28, 2026
CVE-2026-7334
8.8 HIGH

Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Apr 28, 2026
CVE-2026-7333
9.6 CRITICAL

Use after free in GPU in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML …

Apr 28, 2026
CVE-2026-5822

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Apr 28, 2026
CVE-2026-42167
8.1 HIGH

mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with …

Apr 28, 2026
CVE-2026-7319
7.3 HIGH

A flaw has been found in elinsky execution-system-mcp 0.1.0. The impacted element is the function _get_context_file_path of the file src/execution_system_mcp/server.py of the component add_action Tool. …

Apr 28, 2026
CVE-2026-7318
5.9 MEDIUM

A vulnerability was detected in elie mcp-project 0.1.0. The affected element is the function search_papers of the file research_server.py. The manipulation of the argument topic …

Apr 28, 2026
CVE-2026-7317
5.0 MEDIUM

A vulnerability was found in Grav CMS up to 1.7.49.5/2.0.0-beta.1. Affected by this vulnerability is the function FileCache::doGet of the file system/src/Grav/Framework/Cache/Adapter/FileCache.php of the component …

Apr 28, 2026
CVE-2026-7316
7.3 HIGH

A vulnerability has been found in eiliyaabedini aider-mcp up to 667b914301aada695aab0e46d1fb3a7d5e32c8af. Affected is an unknown function of the file aider_mcp.py of the component code_with_ai. The …

Apr 28, 2026
CVE-2026-7315
7.3 HIGH

A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function get_pdf_path of the file src/spire_pdf_mcp/server.py of the component PDF File Handler. Executing …

Apr 28, 2026
CVE-2026-7314
7.3 HIGH

A vulnerability was detected in eiceblue spire-doc-mcp-server 1.0.0. This affects the function get_doc_path of the file src/spire_doc_mcp/api/base.py. Performing a manipulation of the argument document_name results …

Apr 28, 2026
CVE-2026-7306
5.6 MEDIUM

A security vulnerability has been detected in Xuxueli xxl-job up to 3.3.2. The impacted element is an unknown function of the file xxl-job-admin/src/main/java/com/xxl/job/admin/scheduler/openapi/OpenApiController.java of the …

Apr 28, 2026
CVE-2026-7305
6.3 MEDIUM

A weakness has been identified in Xuxueli xxl-job up to 3.3.2. The affected element is the function triggerJob of the file xxl-job-admin/src/main/java/com/xxl/job/admin/service/impl/XxlJobServiceImpl.java of the component …

Apr 28, 2026
CVE-2026-7303
3.7 LOW

A security flaw has been discovered in Xuxueli xxl-job up to 3.3.2. Impacted is the function logDetailCat of the file xxl-job-admin/src/main/java/com/xxl/job/admin/controller/biz/JobLogController.java of the component Execution …

Apr 28, 2026
CVE-2026-7297
2.4 LOW

A vulnerability was determined in SourceCodester Pizzafy Ecommerce System 1.0. This vulnerability affects the function save_user of the file /admin/ajax.php?action=save_user. Executing a manipulation of the …

Apr 28, 2026
CVE-2026-7296
2.4 LOW

A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. This affects the function save_order of the file /admin/ajax.php?action=save_order. Performing a manipulation of the argument …

Apr 28, 2026
CVE-2026-41649
7.7 HIGH

Outline is a service that allows for collaborative documentation. The `shares.create` API endpoint starting in version 0.86.0 and prior to version 1.7.0 has an insecure …

Apr 28, 2026
CVE-2026-41446
9.8 CRITICAL

Snap One WattBox 800 and 820 series firmware versions prior to 2.10.0.0 contain undisclosed diagnostic HTTP endpoints that require only the device MAC address and …

Apr 28, 2026
CVE-2026-37750
6.1 MEDIUM

A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the …

Apr 28, 2026
CVE-2026-33467
5.9 MEDIUM

Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents …

Apr 28, 2026
CVE-2026-7295
2.4 LOW

A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Such manipulation …

Apr 28, 2026
CVE-2026-7294
2.4 LOW

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /admin/index.php?page=save_settings. This manipulation …

Apr 28, 2026
CVE-2026-7293
4.7 MEDIUM

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function delete_category of the file /admin/ajax.php?action=delete_category. The manipulation of the argument ID …

Apr 28, 2026
CVE-2026-7292
5.6 MEDIUM

A security vulnerability has been detected in o2oa up to 10.0. This impacts the function syncFile of the file NodeAgent.java of the component NodeAgent. The …

Apr 28, 2026
CVE-2026-7291
6.3 MEDIUM

A weakness has been identified in o2oa up to 10.0. This affects the function FileAction of the file FileAction.java of the component URL Fetching. Executing …

Apr 28, 2026
CVE-2026-7290
6.3 MEDIUM

A vulnerability was determined in JeecgBoot up to 3.9.1. Impacted is the function SqlInjectionUtil of the file jeecg-boot/jeecg-boot-base-core/src/main/java/org/jeecg/common/util/SqlInjectionUtil.java of the component loadDict Endpoint. This manipulation …

Apr 28, 2026
CVE-2026-6807
5.5 MEDIUM

A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. …

Apr 28, 2026
CVE-2026-6238
6.5 MEDIUM

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA …

Apr 28, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.