Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
13,981 matching · page 63/280Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-11254(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11253(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11252(opens NVD record) | Medium | 4.3 | Insufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11251(opens NVD record) | Low | 3.1 | Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11250(opens NVD record) | Critical | 9.6 | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11249(opens NVD record) | Medium | 4.7 | Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11248(opens NVD record) | High | 8.8 | Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11246(opens NVD record) | Medium | 5.3 | Insufficient validation of untrusted input in IndexedDB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11245(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11244(opens NVD record) | Low | 3.1 | Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11243(opens NVD record) | Medium | 5.4 | Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11242(opens NVD record) | High | 7.5 | Insufficient validation of untrusted input in Plugins in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11241(opens NVD record) | High | 8.0 | Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11240(opens NVD record) | Low | 3.1 | Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11239(opens NVD record) | High | 7.5 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-11238(opens NVD record) | Medium | 5.9 | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Low) | Jun 5, 2026 |
| CVE-2026-48579(opens NVD record) | Critical | 9.1 | Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network. | Jun 4, 2026 |
| CVE-2026-48567(opens NVD record) | Critical | 10.0 | Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network. | Jun 4, 2026 |
| CVE-2026-47655(opens NVD record) | Medium | 6.5 | Exposure of sensitive information to an unauthorized actor in Microsoft Graph allows an authorized attacker to disclose information over a network. | Jun 4, 2026 |
| CVE-2026-47644(opens NVD record) | Medium | 6.5 | Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network. | Jun 4, 2026 |
| CVE-2026-45497(opens NVD record) | High | 7.7 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network. | Jun 4, 2026 |
| CVE-2026-42824(opens NVD record) | Medium | 6.5 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | Jun 4, 2026 |
| CVE-2026-20245(opens NVD record) | High | 7.8 | A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by uploading a crafted file to the affected system. A successful exploit could allow the attacker to perform command injection attacks on an affected system and elevate their privileges as the root user. To exploit this vulnerability, the attacker must have netadmin privileges on the affected system. This would require valid credentials or exploitation of or . Cisco is not aware of successful exploitation by other methods. Cisco has observed limited cases where the exploitation of this bug resulted in a configuration change pushed to edge devices. Cisco recommends that customers upgrade to the fixed software that is documented in the that was published on May 14, 2026, and verify the configuration of the edge devices. | Jun 4, 2026 |
| CVE-2026-11236(opens NVD record) | High | 8.3 | Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11235(opens NVD record) | High | 8.8 | Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11234(opens NVD record) | Medium | 4.3 | Inappropriate implementation in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11233(opens NVD record) | Medium | 4.7 | Insufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11232(opens NVD record) | Medium | 5.4 | Inappropriate implementation in TabGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11230(opens NVD record) | High | 8.8 | Use after free in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11229(opens NVD record) | Medium | 6.1 | Inappropriate implementation in Enterprise in Google Chrome prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via physical access to the device. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11228(opens NVD record) | Medium | 4.3 | Inappropriate implementation in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11227(opens NVD record) | Medium | 6.5 | Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11225(opens NVD record) | Medium | 6.5 | Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11223(opens NVD record) | Medium | 6.5 | Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11222(opens NVD record) | Medium | 6.5 | Incorrect security UI in Tab Strip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11221(opens NVD record) | Medium | 4.3 | Insufficient validation of untrusted input in PointerLock in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11220(opens NVD record) | Medium | 6.5 | Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11219(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Navigation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11218(opens NVD record) | Medium | 6.8 | Inappropriate implementation in PlatformIntegration in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a malicious file. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11217(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Fenced Frames in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11216(opens NVD record) | Medium | 4.3 | Incorrect security UI in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Jun 4, 2026 |
| CVE-2026-11213(opens NVD record) | Critical | 9.6 | Insufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11212(opens NVD record) | Medium | 4.3 | Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11211(opens NVD record) | High | 8.8 | Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11210(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Safe Browsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted RAR file. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11209(opens NVD record) | Medium | 6.5 | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11208(opens NVD record) | Medium | 6.5 | Use after free in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11207(opens NVD record) | Critical | 9.6 | Insufficient validation of untrusted input in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11206(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Jun 4, 2026 |
| CVE-2026-11201(opens NVD record) | High | 8.8 | Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium) | Jun 4, 2026 |