CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

87 matches found

EUVD-2026-39043

Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

7.5CVSS5.9AI score0.00149EPSS

Exploits0References2

CVE•added 2026/06/08 11:27 p.m.•24 views

CVE-2026-11644

CVE-2026-11644 describes a use-after-free in the Views component of Google Chrome on Linux, allowing code execution via a crafted Chrome Extension when a user is convinced to install a malicious extension. Affected software: Google Chrome (Linux) with the vulnerable Views code path. Root cause: u...

7.5CVSS6AI score0.00202EPSS

Exploits0References2Affected Software1

OSV•added 2026/06/04 11:17 p.m.•8 views

DEBIAN-CVE-2026-10997

Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

6.5CVSS5.4AI score0.00241EPSS

Exploits0References1

Debian CVE•added 2026/06/04 11:5 p.m.•8 views

CVE-2026-11126

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...

4.3CVSS5.4AI score0.00142EPSS

Exploits0

CVE•added 2026/06/04 11:4 p.m.•15 views

CVE-2026-11062

CVE-2026-11062 affects Google Chrome extensions: insufficient policy enforcement in Extensions allows an attacker to inject scripts/HTML into a privileged page when a user installs a crafted malicious extension. Impact is partial integrity compromise of privileged pages; exploit not confirmed in ...

4.3CVSS5.8AI score0.00135EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/28 10:25 p.m.•31 views

CVE-2026-9964

Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: High...

0.00233EPSS

Exploits0References2

Debian CVE•added 2026/05/28 10:25 p.m.•9 views

CVE-2026-9881

Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: Critical...

9CVSS5.8AI score0.00203EPSS

Exploits0

Positive Technologies•added 2026/05/28 12:0 a.m.•8 views

PT-2026-44590

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.216 Description A use after free issue exists in the Bluetooth component. An attacker who convinces a user to install a malicious extension could potentially perform a sandbox escape—a process ...

9.6CVSS5.8AI score0.00368EPSS

Exploits0References155

Vulnrichment•added 2026/05/15 9:26 p.m.•9 views

CVE-2026-45315 Open WebUI: Stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

8.7CVSS5.8AI score0.0018EPSS

Exploits1References1

EUVD•added 2026/05/14 7:52 p.m.•13 views

EUVD-2026-30384

Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

4.7CVSS5.8AI score0.00134EPSS

Exploits0References2

SUSE CVE•added 2026/05/08 2:26 a.m.•7 views

SUSE CVE-2026-7941

Insufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

4.4CVSS5.9AI score0.00112EPSS

Exploits0References3

SUSE CVE•added 2026/05/08 2:25 a.m.•9 views

SUSE CVE-2026-8008

Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...

5.4CVSS5.8AI score0.00121EPSS

Exploits0References3

NVD•added 2026/05/06 7:16 p.m.•5 views

CVE-2026-7962

Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via a crafted Chrome Extension. Chromium security severity: Medium...

5.4CVSS0.00171EPSS

Exploits0References2

NVD•added 2026/05/06 7:16 p.m.•7 views

CVE-2026-7940

Use after free in V8 in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

8.8CVSS0.00196EPSS

Exploits0References2

Cvelist•added 2026/05/06 6:12 p.m.•27 views

CVE-2026-7940

0.00196EPSS

Exploits0References2

CVE•added 2026/04/08 9:21 p.m.•17 views

CVE-2026-5914

CVE-2026-5914 is a Type Confusion in CSS in Chromium-based Chrome prior to 147.0.7727.55. The vulnerability could allow heap corruption when a user installs a crafted malicious Chrome extension, with exploitation requiring user interaction. Affected software is Google Chrome/Chromium engine; root...

8.8CVSS5.9AI score0.00164EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/08 9:21 p.m.•3 views

CVE-2026-5914

Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Low...

5.9AI score0.00164EPSS

Exploits0References2

Debian CVE•added 2026/04/08 9:21 p.m.•8 views

CVE-2026-5914

8.8CVSS8.5AI score0.00164EPSS

Exploits0

AlpineLinux•added 2026/03/04 7:24 p.m.•4 views

CVE-2026-3539

Rejected reason: Determined a bug and not a vulnerability...

7.8AI score0.00271EPSS

Exploits0

OSV•added 2026/02/23 11:16 p.m.•4 views

DEBIAN-CVE-2026-3063

Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. Chromium security severity: High...

5.4CVSS8.2AI score0.00184EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by