Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
29,995 matching · page 55/600Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-11289(opens NVD record) | Medium | 6.5 | Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11288(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11286(opens NVD record) | Medium | 4.3 | Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11284(opens NVD record) | Medium | 6.5 | Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11281(opens NVD record) | Medium | 5.0 | Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11279(opens NVD record) | High | 8.8 | Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11276(opens NVD record) | Medium | 5.1 | Inappropriate implementation in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to bypass discretionary access control via malicious network traffic. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11273(opens NVD record) | Medium | 6.1 | Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11271(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11269(opens NVD record) | High | 7.1 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11268(opens NVD record) | Medium | 6.5 | Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11267(opens NVD record) | Medium | 4.3 | Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11266(opens NVD record) | Medium | 4.3 | Inappropriate implementation in SafeBrowsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass Safe Browsing via a malicious file. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11265(opens NVD record) | High | 7.5 | Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11264(opens NVD record) | Medium | 4.3 | Policy bypass in Content Security Policy in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11262(opens NVD record) | High | 8.8 | Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11261(opens NVD record) | Medium | 4.3 | Inappropriate implementation in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11260(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11259(opens NVD record) | Medium | 4.3 | Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11258(opens NVD record) | Medium | 6.5 | Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11257(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Browser in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11256(opens NVD record) | High | 8.3 | Integer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11255(opens NVD record) | High | 7.5 | Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11254(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11253(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11252(opens NVD record) | Medium | 4.3 | Insufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11251(opens NVD record) | Low | 3.1 | Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11250(opens NVD record) | Critical | 9.6 | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11249(opens NVD record) | Medium | 4.7 | Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11248(opens NVD record) | High | 8.8 | Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11246(opens NVD record) | Medium | 5.3 | Insufficient validation of untrusted input in IndexedDB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11245(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11244(opens NVD record) | Low | 3.1 | Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11243(opens NVD record) | Medium | 5.4 | Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11242(opens NVD record) | High | 7.5 | Insufficient validation of untrusted input in Plugins in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11241(opens NVD record) | High | 8.0 | Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11240(opens NVD record) | Low | 3.1 | Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11239(opens NVD record) | High | 7.5 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11238(opens NVD record) | Medium | 5.9 | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-48579(opens NVD record) | Critical | 9.1 | Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network. | Jun 4, 2026 |
| CVE-2026-48567(opens NVD record) | Critical | 10.0 | Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network. | Jun 4, 2026 |
| CVE-2026-47655(opens NVD record) | Medium | 6.5 | Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network. | Jun 4, 2026 |
| CVE-2026-47644(opens NVD record) | Medium | 6.5 | Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network. | Jun 4, 2026 |
| CVE-2026-45497(opens NVD record) | High | 7.7 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network. | Jun 4, 2026 |
| CVE-2026-42824(opens NVD record) | Medium | 6.5 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | Jun 4, 2026 |
| CVE-2026-20245(opens NVD record) | High | 7.8 | A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user. To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the that was published on May 14, 2026, and verify the configuration of the edge devices. | Jun 4, 2026 |
| CVE-2026-11236(opens NVD record) | High | 8.3 | Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11235(opens NVD record) | High | 8.8 | Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11234(opens NVD record) | Medium | 4.3 | Inappropriate implementation in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11233(opens NVD record) | Medium | 4.7 | Insufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |