CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 3 hours ago•2 views

EUVD-2026-35260

Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

NVD•added 3 hours ago•3 views

CVE-2026-11660

Cvelist•added yesterday•7 views

CVE-2026-11691

ATTACKERKB•added yesterday•2 views

CVE-2026-11691

3.1CVSS5.5AI score

Exploits0References3Affected Software1

CVE•added yesterday•6 views

CVE-2026-11660

The CVE-2026-11660 entry concerns Google Chrome’s New Tab Page, where insufficient validation of untrusted input in the New Tab Page module allowed a renderer-compromised attacker to potentially escape the sandbox via a crafted HTML page. Affected product: Google Chrome (Chrome/Chromium-based). R...

Cvelist•added yesterday•3 views

CVE-2026-11660

ATTACKERKB•added yesterday•2 views

CVE-2026-11660

Exploits0References3Affected Software1

Positive Technologies•added yesterday•3 views

PT-2026-47486

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в chromium

Before version 99.0.4844.74, using “After Free” in the New Tab page in Google Chrome allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption through specific user interactions...

8.8CVSS7.3AI score0.00229EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в chromium

Insufficient data validation in the New Tab Page of Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML into a new browser tab through a crafted HTML page...

6.1CVSS7.1AI score0.00398EPSS

Exploits1References2

OSV•added 2026/05/05 9:11 p.m.•4 views

CLSA-2026-1777558504 vim: Fix of 10 CVEs

CVE-2021-3928: in suggesttriewalk only credit a non-word-char boundary with SCORENONWORD when preword is non-empty, so spell suggestions do not read uninitialized memory behind preword. - CVE-2021-3974: in nfaregmatch NFAMARK / NFAMARKGT / NFAMARKLT, save reginput - regline and re-fetch regline...

7.8CVSS6.8AI score0.01534EPSS

Exploits10References1

OSV•added 2026/04/30 10:41 a.m.•3 views

CLSA-2026-1777545655 vim: Fix of 10 CVEs

7.8CVSS6.8AI score0.01534EPSS

Exploits10References1

EUVD•added 2026/02/16 3:32 p.m.•3 views

EUVD-2026-6083

Malicious scripts that interrupt new tab page loading could cause desynchronization between the address bar and page content, allowing the attacker to spoof arbitrary HTML under a trusted domain. This vulnerability affects Firefox for iOS 147.2.1...

4.3CVSS5.7AI score0.00038EPSS

NVD•added 2025/12/08 8:15 p.m.•2 views

CVE-2025-65229

A stored cross-site scripting XSS vulnerability exists in the web interface of Lyrion Music Server = 9.0.3. An authenticated user with access to Settings Player can save arbitrary HTML/JavaScript in the Player name field. That value is stored by the server and later rendered without proper output...

4.6CVSS0.00024EPSS

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2016-2720

Malware in sbrugna...

4.3CVSS7.1AI score0.00638EPSS

Exploits0References15

SUSE CVE•added 2023/02/15 5:45 a.m.•1 views

SUSE CVE-2012-4203

The New Tab page in Mozilla Firefox before 17.0 uses a privileged context for execution of JavaScript code by bookmarklets, which allows user-assisted remote attackers to run arbitrary programs by leveraging a javascript: URL in a bookmark...

6.8CVSS8.9AI score0.02424EPSS

Exploits1References4

SUSE CVE•added 2023/02/15 5:8 a.m.•1 views

SUSE CVE-2016-1625

The Chrome Instant feature in Google Chrome before 48.0.2564.109 does not ensure that a New Tab Page NTP navigation target is on the most-visited or suggestions list, which allows remote attackers to bypass intended restrictions via unspecified vectors, related to instantservice.cc and...

4.3CVSS8.9AI score0.00638EPSS