CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

7.8CVSS5.3AI score0.00127EPSS

EUVD-2026-37534

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

6.5CVSS5.4AI score0.00225EPSS

EUVD-2026-37546

Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.5CVSS5.2AI score0.00133EPSS

EUVD-2026-37529

Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: High...

EUVD•added 2 days ago•6 views

EUVD-2026-37522

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.4AI score0.00279EPSS

9.6CVSS5.4AI score0.003EPSS

EUVD-2026-37525

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

EUVD•added 2 days ago•8 views

EUVD-2025-210211

Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List DACLs on the service object and related registry keys,. Produc...

6.8CVSS5.3AI score0.00143EPSS

6.8CVSS5.3AI score0.00163EPSS

EUVD-2025-210212

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all...

EUVD•added 2 days ago•4 views

EUVD-2026-37773

Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...

7.5CVSS5.2AI score0.00482EPSS

Exploits0References4

NVD•added 2 days ago•4 views

CVE-2026-12466

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS0.00395EPSS

CVE-2026-12461

6.5CVSS0.00225EPSS

OSV•added 2 days ago•3 views

DEBIAN-CVE-2026-12449

7.8CVSS5.3AI score0.00127EPSS

NVD•added 2 days ago•2 views

CVE-2026-12449

7.8CVSS0.00127EPSS

CVE-2026-12440

9.6CVSS0.003EPSS

CVE-2026-12444

5.5CVSS0.00133EPSS

OSV•added 2 days ago•3 views

DEBIAN-CVE-2026-12444

5.5CVSS5.2AI score0.00133EPSS

CVE-2026-12437

8.3CVSS0.00279EPSS

NVD•added 2 days ago•2 views

CVE-2025-15641

6.8CVSS0.00163EPSS

CVE-2025-15642

6.8CVSS0.00143EPSS