Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
75,904 matching · page 15/1519Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-56264(opens NVD record) | High | 8.1 | Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /execute_js endpoint, which accepts and executes arbitrary user-supplied JavaScript in the server's browser context with --disable-web-security enabled. An attacker can execute arbitrary JavaScript and, combined with the browser's relaxed security settings, perform server-side request forgery against internal services. | Jun 30, 2026 |
| CVE-2026-14154(opens NVD record) | Medium | 4.8 | Inappropriate implementation in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14153(opens NVD record) | Medium | 5.3 | Inappropriate implementation in Glic in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14148(opens NVD record) | Medium | 6.5 | Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14144(opens NVD record) | Medium | 4.2 | Incorrect security UI in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14141(opens NVD record) | Medium | 4.3 | Incorrect security UI in Document Picture-in-Picture in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14140(opens NVD record) | Medium | 4.3 | Insufficient validation of untrusted input in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14139(opens NVD record) | Medium | 4.2 | Inappropriate implementation in TabStrip in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14138(opens NVD record) | Medium | 4.2 | Inappropriate implementation in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14137(opens NVD record) | Medium | 4.2 | Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14134(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14126(opens NVD record) | Medium | 4.3 | Incorrect security UI in UI in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14125(opens NVD record) | Medium | 6.5 | Uninitialized Use in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14124(opens NVD record) | High | 7.8 | Inappropriate implementation in CredentialProvider in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14122(opens NVD record) | High | 8.1 | Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14119(opens NVD record) | Medium | 6.5 | Type Confusion in Bluetooth in Google Chrome on Windows prior to 150.0.7871.47 allowed an attacker on the local network segment to obtain potentially sensitive information from process memory via a malicious peripheral. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14117(opens NVD record) | Medium | 5.3 | Insufficient validation of untrusted input in DevTools in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14115(opens NVD record) | High | 7.5 | Insufficient validation of untrusted input in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14114(opens NVD record) | High | 7.5 | Inappropriate implementation in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14113(opens NVD record) | Critical | 9.6 | Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14112(opens NVD record) | Medium | 5.3 | Inappropriate implementation in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14111(opens NVD record) | High | 8.1 | Use after free in WebProtect in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14108(opens NVD record) | High | 8.8 | Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14107(opens NVD record) | High | 8.8 | Use after free in Scheduling in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14100(opens NVD record) | Medium | 6.5 | Insufficient data validation in NetworkCache in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14098(opens NVD record) | Medium | 6.5 | Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14095(opens NVD record) | Critical | 9.6 | Insufficient policy enforcement in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14094(opens NVD record) | High | 7.8 | Use after free in Installer in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14093(opens NVD record) | Critical | 9.6 | Use after free in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14092(opens NVD record) | Medium | 4.3 | Insufficient policy enforcement in Privacy in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14091(opens NVD record) | High | 8.8 | Use after free in DevTools in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14087(opens NVD record) | High | 8.8 | Heap buffer overflow in WebNN in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14081(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14080(opens NVD record) | Medium | 4.3 | Insufficient validation of untrusted input in TabSwitcher in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via malicious network traffic. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14076(opens NVD record) | Medium | 4.3 | Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14075(opens NVD record) | Medium | 4.3 | Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14074(opens NVD record) | Medium | 6.5 | Side-channel information leakage in WebAuthentication in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14073(opens NVD record) | Medium | 4.3 | Insufficient validation of untrusted input in WebXR in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14071(opens NVD record) | Medium | 6.5 | Side-channel information leakage in WebAudio in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14070(opens NVD record) | Medium | 6.5 | Integer overflow in WebNN in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14069(opens NVD record) | Medium | 6.5 | Integer overflow in WebNN in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14065(opens NVD record) | Medium | 6.5 | Insufficient validation of untrusted input in PageInfo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14064(opens NVD record) | High | 7.5 | Use after free in PageInfo in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14063(opens NVD record) | Medium | 5.7 | Out of bounds read in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via malicious network traffic. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14061(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14060(opens NVD record) | High | 7.8 | Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14059(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in Related-Website-Sets in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14055(opens NVD record) | Critical | 9.6 | Insufficient validation of untrusted input in Device Trust in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14051(opens NVD record) | Medium | 6.5 | Uninitialized Use in GamepadAPI in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |
| CVE-2026-14049(opens NVD record) | Medium | 5.3 | Inappropriate implementation in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | Jun 30, 2026 |