Search
127,912 CVEs · High severity
CVEs (127,912, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 76–100 of 127,912 (capped at 500)
| CVE ID ↓ | Severity | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-9893 | HIGH | Patched | 8.3 | 2026-05-28 | Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape v… |
| CVE-2026-9892 | HIGH | Patched | 8.3 | 2026-05-28 | Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially p… |
| CVE-2026-9890 | HIGH | Patched | 8.3 | 2026-05-28 | Use after free in XR in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox… |
| CVE-2026-9889 | HIGH | Patched | 8.3 | 2026-05-28 | Out of bounds read and write in Dawn in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTM… |
| CVE-2026-9888 | HIGH | Patched | 8.3 | 2026-05-28 | Use after free in WebView in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sa… |
| CVE-2026-9887 | HIGH | Patched | 8.8 | 2026-05-28 | Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. (Chromium security severity: … |
| CVE-2026-9885 | HIGH | Patched | 8.3 | 2026-05-28 | Insufficient validation of untrusted input in UI in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to poten… |
| CVE-2026-9884 | HIGH | Patched | 8.8 | 2026-05-28 | Use after free in Browser in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security se… |
| CVE-2026-9883 | HIGH | Patched | 8.8 | 2026-05-28 | Use after free in Base in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) |
| CVE-2026-9880 | HIGH | Patched | 8.3 | 2026-05-28 | Insufficient validation of untrusted input in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potential… |
| CVE-2026-9879 | HIGH | Patched | 8.8 | 2026-05-28 | Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severi… |
| CVE-2026-9878 | HIGH | Patched | 8.8 | 2026-05-28 | Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium sec… |
| CVE-2026-9877 | HIGH | Patched | 8.3 | 2026-05-28 | Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape … |
| CVE-2026-9873 | HIGH | Patched | 8.8 | 2026-05-28 | Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium s… |
| CVE-2026-9851 | HIGH | 7.2 | 2026-06-06 | The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capab… | |
| CVE-2026-9809 | HIGH | 7.6 | 2026-05-29 | A stored Cross-Site Scripting (XSS) vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views (su… | |
| CVE-2026-9808 | HIGH | 7.1 | 2026-05-29 | An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints (utilizing API Platform). Under certain conditions, roles configured with owner-scope restrict… | |
| CVE-2026-9804 | HIGH | 7.7 | 2026-05-28 | A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path traversal vulnerability in the VMExport dire… | |
| CVE-2026-9795 | HIGH | 7.3 | 2026-05-28 | A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability t… | |
| CVE-2026-9757 | HIGH | 7.5 | 2026-05-30 | The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to, and including, 4.5.5 The parameters ar… | |
| CVE-2026-9658 | HIGH | Patched | 7.3 | 2026-05-28 | Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking… |
| CVE-2026-9632 | HIGH | 8.8 | 2026-05-27 | A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file /goform/formGroupConfig of the component Web … | |
| CVE-2026-9631 | HIGH | 8.8 | 2026-05-27 | A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the file /goform/formConfigFastDirectio… | |
| CVE-2026-9628 | HIGH | 8.8 | 2026-05-27 | A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file /goform/formPptpClientConfig of the component Web Managem… | |
| CVE-2026-9627 | HIGH | 8.8 | 2026-05-27 | A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/setSysAdm of the component Web Management I… |