CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added yesterday•3 views

EUVD-2026-34738

Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00016EPSS

EUVD•added yesterday•4 views

EUVD-2026-34665

Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00016EPSS

OSV•added yesterday•2 views

DEBIAN-CVE-2026-11285

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00035EPSS

NVD•added 2 days ago•5 views

CVE-2026-11205

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted QR code. Chromium security severity: Medium...

6.1CVSS0.00073EPSS

Vulnrichment•added 2 days ago•3 views

CVE-2026-11205

5.6AI score0.00073EPSS

Vulnrichment•added 2 days ago•2 views

CVE-2026-11165

Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

5.5AI score0.00032EPSS

Cvelist•added 2 days ago•23 views

CVE-2026-10951

Use after free in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

0.00035EPSS

Debian CVE•added 2 days ago•3 views

CVE-2026-10944

Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.5AI score0.00035EPSS

Exploits0

Positive Technologies•added 2 days ago•7 views

PT-2026-46829

5.8AI score0.00016EPSS

Positive Technologies•added 2 days ago•5 views

PT-2026-46807

Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00047EPSS

Positive Technologies•added 2 days ago•5 views

PT-2026-46481

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description A use after free issue in the browser allows a remote attacker to potentially exploit heap corruption, which occurs when a program continues to use a pointer after it has been...

9.6CVSS5.8AI score0.01636EPSS

Exploits0References433

Positive Technologies•added 2 days ago•6 views

PT-2026-46692

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description A use after free issue in WebMIDI allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free is a memory corruption flaw that...

9.6CVSS5.8AI score0.01636EPSS

Exploits0References433

RedhatCVE•added 5 days ago•7 views

CVE-2026-9971

An inappropriate implementation flaw was found in the iOS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=508448586...

8.8CVSS5.8AI score0.00028EPSS

Exploits0References4

Microsoft CVE•added 6 days ago•9 views

Chromium: CVE-2026-9956 Use after free in iOS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

7.5CVSS5.8AI score0.00139EPSS

Exploits0

Cvelist•added 2026/05/29 1:32 p.m.•27 views

CVE-2026-44698 Home Assistant: Cross-origin iframe access token exfiltration via WebView JS bridge callback injection

Home Assistant is open source home automation software that puts local control and privacy first. Prior to 2026.4.1 for iOS and 2026.4.4 for Android, he Home Assistant Companion apps for Android and iOS expose a JavaScript bridge to the in-app WebView window.externalApp on Android and...

8.3CVSS0.0002EPSS

NVD•added 2026/05/28 11:16 p.m.•8 views

CVE-2026-9971

Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

5.4CVSS0.00028EPSS

NVD•added 2026/05/28 11:16 p.m.•13 views

CVE-2026-9955

Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS0.00031EPSS

NVD•added 2026/05/28 11:16 p.m.•6 views

CVE-2026-9956

Use after free in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

7.5CVSS0.00139EPSS

OSV•added 2026/05/28 11:16 p.m.•3 views

DEBIAN-CVE-2026-9955

Inappropriate implementation in iOS in Google Chrome on iOS prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.8AI score0.00031EPSS