CVE Database

108224+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS
CVE-2026-12466
8.8 HIGH

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML …

Jun 17, 2026
CVE-2026-12465
8.3 HIGH

Object lifecycle issue in Metrics in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 17, 2026
CVE-2026-12464
8.3 HIGH

Use after free in Browser in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 17, 2026
CVE-2026-12463
4.7 MEDIUM

Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to inject arbitrary …

Jun 17, 2026
CVE-2026-12462
7.5 HIGH

Use after free in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to execute arbitrary code …

Jun 17, 2026
CVE-2026-12461
6.5 MEDIUM

Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process …

Jun 17, 2026
CVE-2026-12460
4.2 MEDIUM

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass …

Jun 17, 2026
CVE-2026-12459
6.1 MEDIUM

Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML …

Jun 17, 2026
CVE-2026-12458
3.1 LOW

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI gestures to …

Jun 17, 2026
CVE-2026-12457
4.2 MEDIUM

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via …

Jun 17, 2026
CVE-2026-12456
4.2 MEDIUM

Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to bypass same …

Jun 17, 2026
CVE-2026-12455
7.5 HIGH

Use after free in Tab Strip in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who convinced a user to engage in specific UI …

Jun 17, 2026
CVE-2026-12454
8.3 HIGH

Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 17, 2026
CVE-2026-12453
4.2 MEDIUM

Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass …

Jun 17, 2026
CVE-2026-12452
8.8 HIGH

Use after free in Downloads in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted …

Jun 17, 2026
CVE-2026-12451
8.3 HIGH

Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a …

Jun 17, 2026
CVE-2026-12450
6.5 MEDIUM

Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted …

Jun 17, 2026
CVE-2026-12449
7.8 HIGH

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious …

Jun 17, 2026
CVE-2026-12448
8.8 HIGH

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. …

Jun 17, 2026
CVE-2026-12447
8.8 HIGH

Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted …

Jun 17, 2026
CVE-2026-12446
4.3 MEDIUM

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security …

Jun 17, 2026
CVE-2026-12445
7.5 HIGH

Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially …

Jun 17, 2026
CVE-2026-12444
5.5 MEDIUM

Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process …

Jun 17, 2026
CVE-2026-12443
8.8 HIGH

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. …

Jun 17, 2026
CVE-2026-12442
8.8 HIGH

Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML …

Jun 17, 2026
CVE-2026-12441
8.8 HIGH

Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a …

Jun 17, 2026
CVE-2026-12440
9.6 CRITICAL

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a …

Jun 17, 2026
CVE-2026-12439
8.8 HIGH

Use after free in Digital Credentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML …

Jun 17, 2026
CVE-2026-12438
8.3 HIGH

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform …

Jun 17, 2026
CVE-2026-12437
8.3 HIGH

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially …

Jun 17, 2026
CVE-2026-12360
7.5 HIGH

The JetEngine plugin for WordPress is vulnerable to SQL injection in all versions up to and including 3.8.10.1. The listing_load_more AJAX handler accepts a filtered_query …

Jun 17, 2026
CVE-2026-12256
8.8 HIGH

Contributor PHP Object Injection in Avada <= 3.15.3 versions.

Jun 17, 2026
CVE-2026-12199
7.5 HIGH

A vulnerability in `nltk.app.wordnet_app` up to version 3.9.3 allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when started in its default mode. …

Jun 17, 2026
CVE-2026-12165
8.8 HIGH

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions …

Jun 17, 2026
CVE-2026-12115
6.6 MEDIUM

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up …

Jun 17, 2026
CVE-2026-11975

Stored cross-site scripting (XSS) in NewsItemApiController In SimplCommerce prior to commit 6142d3b5 allows an authenticated administrator to execute arbitrary JavaScript via the ShortContent and FullContent …

Jun 17, 2026
CVE-2026-11858

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a …

Jun 17, 2026
CVE-2026-11857

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service due to insecure deserialization in the .NET Remoting service. The …

Jun 17, 2026
CVE-2026-11410

An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. …

Jun 17, 2026
CVE-2026-11409

An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker …

Jun 17, 2026
CVE-2026-10839

Open redirection vulnerability in the authentication system allows an attacker to use manipulated values in the X-Forwarded-Host header to alter the URLs generated by the …

Jun 17, 2026
CVE-2026-10837

Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header. An attacker could create manipulated links that, when opened by a victim, cause …

Jun 17, 2026
CVE-2026-10836

Improper handling of HTTP headers that allows a remote attacker to manipulate the value of the Host header using specially crafted requests. A successful exploit …

Jun 17, 2026
CVE-2026-10094
9.8 CRITICAL

A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files …

Jun 17, 2026
CVE-2026-0092

In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege …

Jun 17, 2026
CVE-2026-0083
7.0 HIGH

In Nfc::eventCallback() of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with …

Jun 17, 2026
CVE-2026-0082
7.8 HIGH

In tryStartActivity of NfcDispatcher.java, there is a possible automatic special app access permission assignment due to an insecure default value. This could lead to local …

Jun 17, 2026
CVE-2026-0081
7.8 HIGH

In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of …

Jun 17, 2026
CVE-2026-0071
7.8 HIGH

In SettingsLib, there is a possible missing permission check due to a logic error in the code. This could lead to local escalation of privilege …

Jun 17, 2026
CVE-2026-0068
7.8 HIGH

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from …

Jun 17, 2026

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.