CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

84 matches found

CVE-2026-11126

Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...

5.4AI score0.00016EPSS

Exploits0

CVE•added 2 days ago•5 views

CVE-2026-11062

CVE-2026-11062 affects Google Chrome extensions: insufficient policy enforcement in Extensions allows an attacker to inject scripts/HTML into a privileged page when a user installs a crafted malicious extension. Impact is partial integrity compromise of privileged pages; exploit not confirmed in ...

4.3CVSS5.8AI score0.00008EPSS

Exploits0References2

Cvelist•added 2026/05/28 10:25 p.m.•26 views

CVE-2026-9964

Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. Chromium security severity: High...

0.0007EPSS

Exploits0References2

Debian CVE•added 2026/05/28 10:25 p.m.•8 views

CVE-2026-9881

Use after free in Bluetooth in Google Chrome on Mac prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. Chromium security severity: Critical...

9CVSS5.8AI score0.00039EPSS

Exploits0

Positive Technologies•added 2026/05/28 12:0 a.m.•5 views

PT-2026-44590

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 148.0.7778.216 Description A use after free issue exists in the Bluetooth component. An attacker who convinces a user to install a malicious extension could potentially perform a sandbox escape—a process ...

9.6CVSS5.8AI score0.00156EPSS

Exploits0References155

Vulnrichment•added 2026/05/15 9:26 p.m.•7 views

CVE-2026-45315 Open WebUI: Stored XSS via attacker-controlled file extension in /api/v1/audio/transcriptions

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, the audio transcription upload endpoint takes the file extension from the user-supplied filename and saves the file under CACHEDIR/audio/transcriptions/.. The /cache/path route serve...

8.7CVSS5.8AI score0.00006EPSS

Exploits1References1

EUVD•added 2026/05/14 7:52 p.m.•7 views

EUVD-2026-30384

Inappropriate implementation in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

4.7CVSS5.8AI score0.00017EPSS

Exploits0References2

SUSE CVE•added 2026/05/08 2:26 a.m.•5 views

SUSE CVE-2026-7941

Insufficient validation of untrusted input in Mobile in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to inject arbitrary scripts or HTML UXSS via a crafted Chrome Extension. Chromium security severity: Medium...

4.4CVSS5.9AI score0.00009EPSS

Exploits0References3

SUSE CVE•added 2026/05/08 2:25 a.m.•6 views

SUSE CVE-2026-8008

Inappropriate implementation in DevTools in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Low...

5.4CVSS5.8AI score0.0002EPSS

Exploits0References3

NVD•added 2026/05/06 7:16 p.m.•1 views

CVE-2026-7962

Insufficient policy enforcement in DirectSockets in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to perform arbitrary read/write via a crafted Chrome Extension. Chromium security severity: Medium...

5.4CVSS0.00045EPSS

Exploits0References2

NVD•added 2026/05/06 7:16 p.m.•3 views

CVE-2026-7940

Use after free in V8 in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

8.8CVSS0.00019EPSS

Exploits0References2

Cvelist•added 2026/05/06 6:12 p.m.•24 views

CVE-2026-7940

0.00019EPSS

Exploits0References2

Debian CVE•added 2026/04/08 9:21 p.m.•2 views

CVE-2026-5914

Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Low...

8.8CVSS8.5AI score0.00025EPSS

Exploits0

CVE•added 2026/04/08 9:21 p.m.•10 views

CVE-2026-5914

CVE-2026-5914 is a Type Confusion in CSS in Chromium-based Chrome prior to 147.0.7727.55. The vulnerability could allow heap corruption when a user installs a crafted malicious Chrome extension, with exploitation requiring user interaction. Affected software is Google Chrome/Chromium engine; root...

8.8CVSS5.9AI score0.00025EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/08 9:21 p.m.•2 views

CVE-2026-5914

5.9AI score0.00025EPSS

Exploits0References2

AlpineLinux•added 2026/03/04 7:24 p.m.•1 views

CVE-2026-3539

Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: High...

8.8CVSS5.9AI score0.0001EPSS

Exploits0

OSV•added 2026/02/23 11:16 p.m.•2 views

DEBIAN-CVE-2026-3063

Inappropriate implementation in DevTools in Google Chrome prior to 145.0.7632.116 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via DevTools. Chromium security severity: High...

5.4CVSS8.2AI score0.00007EPSS

Exploits0References1

ATTACKERKB•added 2026/02/23 10:17 p.m.•4 views

CVE-2026-3063

5.4AI score0.00007EPSS

Exploits0References3Affected Software1

OSV•added 2025/11/10 8:15 p.m.•2 views

CVE-2025-12431

Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. Chromium security severity: High...

6.5CVSS5.8AI score

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-24799

Malware in sbrugna...

8.8CVSS8.4AI score0.03933EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by