CVE Database

36368+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-10921
8.3 HIGH

Integer overflow in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox …

Jun 4, 2026
CVE-2026-10920
8.3 HIGH

Insufficient validation of untrusted input in WebShare in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process …

Jun 4, 2026
CVE-2026-10919
8.3 HIGH

Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 4, 2026
CVE-2026-10918
8.3 HIGH

Use after free in Viz in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 4, 2026
CVE-2026-10917
8.3 HIGH

Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 4, 2026
CVE-2026-10915
8.3 HIGH

Use after free in Core in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 4, 2026
CVE-2026-10914
8.8 HIGH

Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via …

Jun 4, 2026
CVE-2026-10913
8.8 HIGH

Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via …

Jun 4, 2026
CVE-2026-10911
8.3 HIGH

Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 4, 2026
CVE-2026-10910
8.8 HIGH

Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jun 4, 2026
CVE-2026-10909
8.3 HIGH

Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 4, 2026
CVE-2026-10908
8.3 HIGH

Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 4, 2026
CVE-2026-10907
8.8 HIGH

Out of bounds write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML …

Jun 4, 2026
CVE-2026-10906
7.5 HIGH

Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures …

Jun 4, 2026
CVE-2026-10905
8.3 HIGH

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 4, 2026
CVE-2026-10904
8.8 HIGH

Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML …

Jun 4, 2026
CVE-2026-10903
8.8 HIGH

Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 4, 2026
CVE-2026-10902
8.8 HIGH

Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium …

Jun 4, 2026
CVE-2026-10901
7.5 HIGH

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific …

Jun 4, 2026
CVE-2026-10900
7.5 HIGH

Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific …

Jun 4, 2026
CVE-2026-10899
7.5 HIGH

Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific …

Jun 4, 2026
CVE-2026-10898
8.3 HIGH

Stack buffer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 4, 2026
CVE-2026-10897
8.8 HIGH

Inappropriate implementation in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. …

Jun 4, 2026
CVE-2026-10896
8.8 HIGH

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a …

Jun 4, 2026
CVE-2026-10895
8.8 HIGH

Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium …

Jun 4, 2026
CVE-2026-10894
8.3 HIGH

Use after free in Printing in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 4, 2026
CVE-2026-10893
8.8 HIGH

Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security …

Jun 4, 2026
CVE-2026-10891
8.8 HIGH

Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 4, 2026
CVE-2026-10890
8.8 HIGH

Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit heap corruption via …

Jun 4, 2026
CVE-2026-10889
8.3 HIGH

Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 4, 2026
CVE-2026-10888
8.8 HIGH

Use after free in Cast Streaming in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via …

Jun 4, 2026
CVE-2026-10887
8.1 HIGH

Use after free in Chromoting in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. …

Jun 4, 2026
CVE-2026-10885
8.8 HIGH

Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a …

Jun 4, 2026
CVE-2026-10884
8.3 HIGH

Use after free in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 4, 2026
CVE-2026-10883
8.8 HIGH

Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium …

Jun 4, 2026
CVE-2026-10882
8.8 HIGH

Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium …

Jun 4, 2026
CVE-2026-10873
7.2 HIGH

A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats_path of the file /bin/rstats of the component Web UI. Executing a manipulation …

Jun 4, 2026
CVE-2026-10872
7.2 HIGH

A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function start_vpnserver of the file /sbin/rc of the component Web UI. Performing a …

Jun 4, 2026
CVE-2025-8873
7.5 HIGH

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control …

Jun 4, 2026
CVE-2026-10871
7.2 HIGH

A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such …

Jun 4, 2026
CVE-2026-10870
7.2 HIGH

A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation …

Jun 4, 2026
CVE-2026-41518
7.6 HIGH

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through …

Jun 4, 2026
CVE-2026-41249
8.2 HIGH

CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_request_target` trigger but dangerously checks out …

Jun 4, 2026
CVE-2026-41236
8.8 HIGH

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. …

Jun 4, 2026
CVE-2026-41234
7.6 HIGH

Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content. An …

Jun 4, 2026
CVE-2026-50292
7.4 HIGH

In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution

Jun 4, 2026
CVE-2026-25551
7.8 HIGH

Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint …

Jun 4, 2026
CVE-2026-10796
7.5 HIGH

nvm (Node Version Manager) through 0.40.4 executes arbitrary commands from version strings supplied by the configured Node.js/io.js mirror. Commands such as `nvm install` read the …

Jun 4, 2026
CVE-2025-69755
8.2 HIGH

An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the …

Jun 4, 2026
CVE-2025-67448
7.1 HIGH

The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS …

Jun 4, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.