CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

SUSE CVE•added 3 days ago•4 views

SUSE CVE-2026-11078

Inappropriate implementation in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00026EPSS

SUSE CVE•added 3 days ago•4 views

SUSE CVE-2026-11204

Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.0002EPSS

EUVD•added 5 days ago•8 views

EUVD-2026-34593

Insufficient policy enforcement in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.0001EPSS

OSV•added 6 days ago•4 views

DEBIAN-CVE-2026-11123

Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.5AI score0.00028EPSS

OSV•added 6 days ago•4 views

DEBIAN-CVE-2026-10982

Use after free in WebXR in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.00071EPSS

Vulnrichment•added 6 days ago•3 views

CVE-2026-10996

Inappropriate implementation in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...

5.5AI score0.00012EPSS

EUVD•added 2026/05/29 12:38 a.m.•8 views

EUVD-2026-33150

Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00036EPSS

OSV•added 2026/05/28 11:16 p.m.•4 views

DEBIAN-CVE-2026-9967

Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score0.00109EPSS

Positive Technologies•added 2026/05/28 12:0 a.m.•6 views

PT-2026-44576

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 148.0.7778.216 Description Insufficient validation of untrusted input in Skia allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HT...

9.6CVSS5.9AI score0.00139EPSS

Exploits0References162

OSV•added 2026/05/22 2:46 a.m.•3 views

GO-2026-5028 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

6.5CVSS5.9AI score0.00061EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•9 views

PT-2026-42230

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.179 Description An inappropriate implementation in the UI allows a remote attacker who has compromised the renderer process to perform UI spoofing using a crafted HTML page. Recommendations Update to...

4.2CVSS5.8AI score0.00061EPSS

Exploits0References24

EUVD•added 2026/05/07 9:30 p.m.•5 views

EUVD-2026-28415

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

7.2CVSS5.8AI score0.00012EPSS

Exploits0References5

AlpineLinux•added 2026/05/06 6:12 p.m.•6 views

CVE-2026-7972

Uninitialized Use in GPU in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.00035EPSS

Exploits0

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux - уязвимость в chromium

The use of “after free” in Navigation in Google Chrome before version 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...

9.6CVSS5.8AI score0.00047EPSS

ATTACKERKB•added 2026/04/08 9:21 p.m.•1 views

CVE-2026-5915

Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Low...

8.1CVSS5.9AI score0.00109EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/03/31 12:0 a.m.•3 views

Discourse 跨站脚本漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary HTML and JavaScript...

6.1CVSS5.8AI score0.00052EPSS

Cvelist•added 2026/02/11 8:37 p.m.•20 views

CVE-2020-37178 KeePass 2.44 - Denial of Service (PoC)

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash...

7.5CVSS0.00035EPSS

EUVD•added 2025/11/17 11:19 p.m.•3 views

EUVD-2025-197890

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.5AI score0.00087EPSS