Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
7,953 matching · page 17/160Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-13866(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Input in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13863(opens NVD record) | High | 7.8 | Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13861(opens NVD record) | Critical | 9.6 | Use after free in Core in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13860(opens NVD record) | Medium | 4.2 | Incorrect security UI in Autofill in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13859(opens NVD record) | Critical | 9.6 | Inappropriate implementation in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | Jun 30, 2026 |
| CVE-2026-13853(opens NVD record) | Critical | 9.6 | Use after free in Journeys in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13850(opens NVD record) | High | 8.8 | Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a local attacker to execute arbitrary code inside a sandbox via a malicious file. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13849(opens NVD record) | High | 8.6 | Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13848(opens NVD record) | High | 8.8 | Use after free in Forms in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13845(opens NVD record) | High | 8.8 | Use after free in DOM in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13844(opens NVD record) | High | 7.8 | Use after free in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13831(opens NVD record) | High | 7.5 | Out of bounds read and write in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13829(opens NVD record) | High | 8.3 | Insufficient validation of untrusted input in Settings in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13828(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Enterprise in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13826(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Autofill in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13825(opens NVD record) | High | 8.8 | Uninitialized Use in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13824(opens NVD record) | High | 7.5 | Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13822(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Extensions in Google Chrome on Android prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted Chrome Extension. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13821(opens NVD record) | High | 8.8 | Use after free in Canvas in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13811(opens NVD record) | High | 8.8 | Use after free in IME in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13801(opens NVD record) | High | 8.3 | Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13800(opens NVD record) | High | 7.8 | Inappropriate implementation in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13799(opens NVD record) | High | 8.1 | Use after free in QUIC in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13798(opens NVD record) | Critical | 9.6 | Heap buffer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13797(opens NVD record) | Critical | 9.6 | Insufficient validation of untrusted input in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13796(opens NVD record) | Critical | 9.6 | Integer overflow in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13794(opens NVD record) | High | 7.5 | Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13793(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in SVG in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13791(opens NVD record) | High | 8.1 | Insufficient validation of untrusted input in Downloads in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: High) | Jun 30, 2026 |
| CVE-2026-13787(opens NVD record) | High | 8.1 | Use after free in Chromoting in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical) | Jun 30, 2026 |
| CVE-2026-13784(opens NVD record) | High | 8.8 | Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | Jun 30, 2026 |
| CVE-2026-13783(opens NVD record) | High | 8.8 | Use after free in Views in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | Jun 30, 2026 |
| CVE-2026-13782(opens NVD record) | Critical | 10.0 | Use after free in Browser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | Jun 30, 2026 |
| CVE-2026-13781(opens NVD record) | Critical | 9.6 | Insufficient validation of untrusted input in Skia in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | Jun 30, 2026 |
| CVE-2026-13780(opens NVD record) | Critical | 9.6 | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | Jun 30, 2026 |
| CVE-2026-13777(opens NVD record) | High | 8.8 | Insufficient validation of untrusted input in iOSWeb in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | Jun 30, 2026 |
| CVE-2026-13776(opens NVD record) | Critical | 9.8 | Type Confusion in Dawn in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | Jun 30, 2026 |
| CVE-2026-13775(opens NVD record) | Critical | 9.8 | Use after free in GPU in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | Jun 30, 2026 |
| CVE-2026-13774(opens NVD record) | High | 8.1 | Use after free in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Critical) | Jun 30, 2026 |
| CVE-2026-57204(opens NVD record) | Medium | 6.5 | pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAX_DECLARED_STREAM_LENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. This issue has been fixed in version 6.13.3. | Jun 30, 2026 |
| CVE-2026-11541(opens NVD record) | High | 7.4 | IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are affected by an HTTP request smuggling vulnerability. | Jun 30, 2026 |
| CVE-2026-11594(opens NVD record) | High | 8.5 | IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console. | Jun 30, 2026 |
| CVE-2025-36359(opens NVD record) | High | 8.1 | IBM DevOps Automation 1.0.1 and IBM DevOps Loop 1.0.2 does not invalidate session IDs after expiration which could allow an authenticated user to impersonate another user on the system. | Jun 30, 2026 |
| CVE-2025-36336(opens NVD record) | Medium | 5.9 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 transmits data in clear text that could allow an attacker to obtain sensitive information using man in the middle techniques. | Jun 30, 2026 |
| CVE-2025-36333(opens NVD record) | Medium | 4.3 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to perform unauthorized actions due to the improper enforcement of behavioral workflow. | Jun 30, 2026 |
| CVE-2025-36328(opens NVD record) | Medium | 4.3 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | Jun 30, 2026 |
| CVE-2025-36327(opens NVD record) | Medium | 6.5 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 could allow an authenticated user to bypass security controls and perform unauthorized actions due to client-side enforcement of sever-side security. | Jun 30, 2026 |
| CVE-2025-36324(opens NVD record) | Medium | 4.3 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 s vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | Jun 30, 2026 |
| CVE-2025-36323(opens NVD record) | Medium | 5.4 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Jun 30, 2026 |
| CVE-2025-36321(opens NVD record) | Medium | 5.7 | IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.2.2, 5.3.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | Jun 30, 2026 |