CVE Database

36368+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-11307
8.8 HIGH

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 5, 2026
CVE-2026-11306
8.8 HIGH

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 5, 2026
CVE-2026-11305
8.8 HIGH

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 5, 2026
CVE-2026-11304
8.8 HIGH

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. …

Jun 5, 2026
CVE-2026-11303
8.8 HIGH

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 5, 2026
CVE-2026-11301
8.8 HIGH

Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network …

Jun 5, 2026
CVE-2026-11297
7.7 HIGH

Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to bypass navigation restrictions via …

Jun 5, 2026
CVE-2026-11296
7.5 HIGH

Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via …

Jun 5, 2026
CVE-2026-11295
8.8 HIGH

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. …

Jun 5, 2026
CVE-2026-11279
8.8 HIGH

Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a …

Jun 5, 2026
CVE-2026-11272
8.8 HIGH

Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to …

Jun 5, 2026
CVE-2026-11269
7.1 HIGH

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to execute arbitrary code inside a sandbox …

Jun 5, 2026
CVE-2026-11265
7.5 HIGH

Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security …

Jun 5, 2026
CVE-2026-11262
8.8 HIGH

Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium …

Jun 5, 2026
CVE-2026-11256
8.3 HIGH

Integer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox …

Jun 5, 2026
CVE-2026-11255
7.5 HIGH

Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process …

Jun 5, 2026
CVE-2026-11248
8.8 HIGH

Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium …

Jun 5, 2026
CVE-2026-11242
7.5 HIGH

Insufficient validation of untrusted input in Plugins in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak …

Jun 5, 2026
CVE-2026-11241
8.0 HIGH

Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation …

Jun 5, 2026
CVE-2026-11239
7.5 HIGH

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via …

Jun 5, 2026
CVE-2026-10877
7.3 HIGH

A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System up to 1.0. This impacts an unknown function of the file /admin/login.php …

Jun 5, 2026
CVE-2026-10586
7.2 HIGH

The Gutenberg Essential Blocks – Page Builder for Gutenberg Blocks & Patterns plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up …

Jun 5, 2026
CVE-2026-45497
7.7 HIGH

Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network.

Jun 4, 2026
CVE-2026-20245
7.8 HIGH KEV

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, …

Jun 4, 2026
CVE-2026-11237
8.3 HIGH

Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform …

Jun 4, 2026
CVE-2026-11236
8.3 HIGH

Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 4, 2026
CVE-2026-11235
8.8 HIGH

Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code …

Jun 4, 2026
CVE-2026-11231
8.1 HIGH

Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a malicious file. …

Jun 4, 2026
CVE-2026-11230
8.8 HIGH

Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 4, 2026
CVE-2026-11224
8.1 HIGH

Use after free in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. …

Jun 4, 2026
CVE-2026-11211
8.8 HIGH

Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jun 4, 2026
CVE-2026-11202
8.8 HIGH

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via …

Jun 4, 2026
CVE-2026-11201
8.8 HIGH

Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute …

Jun 4, 2026
CVE-2026-11191
8.8 HIGH

Out of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access …

Jun 4, 2026
CVE-2026-11188
8.8 HIGH

Use after free in USB in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a …

Jun 4, 2026
CVE-2026-11185
8.1 HIGH

Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute …

Jun 4, 2026
CVE-2026-11179
8.8 HIGH

Inappropriate implementation in ORB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security …

Jun 4, 2026
CVE-2026-11177
8.8 HIGH

Use after free in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures …

Jun 4, 2026
CVE-2026-11175
8.8 HIGH

Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML …

Jun 4, 2026
CVE-2026-11173
8.8 HIGH

Out of bounds write in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary …

Jun 4, 2026
CVE-2026-11172
8.8 HIGH

Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted …

Jun 4, 2026
CVE-2026-11171
8.8 HIGH

Integer overflow in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jun 4, 2026
CVE-2026-11170
8.1 HIGH

Inappropriate implementation in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. …

Jun 4, 2026
CVE-2026-11169
8.1 HIGH

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted XML …

Jun 4, 2026
CVE-2026-11164
8.8 HIGH

Use after free in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 4, 2026
CVE-2026-11158
8.6 HIGH

Insufficient validation of untrusted input in Downloads in Google Chrome on Mac prior to 149.0.7827.53 allowed a local attacker to potentially perform a sandbox escape …

Jun 4, 2026
CVE-2026-11154
7.5 HIGH

Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 4, 2026
CVE-2026-11151
7.5 HIGH

Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to …

Jun 4, 2026
CVE-2026-11149
7.5 HIGH

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform …

Jun 4, 2026
CVE-2026-11147
8.8 HIGH

Use after free in WebML in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via …

Jun 4, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.