Export limit exceeded: 356032 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356032 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-11101 | 1 Google | 1 Chrome | 2026-06-06 | 6.5 Medium |
| Uninitialized Use in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11106 | 1 Google | 1 Chrome | 2026-06-06 | 6.5 Medium |
| Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-21026 | 1 Samsung | 2 Android, Mobile Devices | 2026-06-06 | 5.5 Medium |
| Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information. | ||||
| CVE-2026-10955 | 1 Google | 1 Chrome | 2026-06-06 | 8.8 High |
| Type Confusion in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-11104 | 1 Google | 1 Chrome | 2026-06-06 | 6.5 Medium |
| Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11108 | 1 Google | 1 Chrome | 2026-06-06 | 8.8 High |
| Inappropriate implementation in NFC in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11109 | 1 Google | 1 Chrome | 2026-06-06 | 6.5 Medium |
| Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11110 | 1 Google | 1 Chrome | 2026-06-06 | 6.5 Medium |
| Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11111 | 1 Google | 1 Chrome | 2026-06-06 | 8.1 High |
| Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11098 | 1 Google | 1 Chrome | 2026-06-06 | 6.5 Medium |
| Insufficient validation of untrusted input in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11102 | 1 Google | 1 Chrome | 2026-06-06 | 8.8 High |
| Inappropriate implementation in Isolated Web Apps in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a malicious file. (Chromium security severity: Medium) | ||||
| CVE-2026-2500 | 2 Davidfcarr, Wordpress | 2 Quick Playground, Wordpress | 2026-06-06 | 4.4 Medium |
| The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the `qckply_data()` function passing the user-supplied `filename` POST parameter directly to `file_get_contents()` without any validation, sanitization, or path restriction. This makes it possible for authenticated attackers, with Administrator-level access and above, to read arbitrary files on the server, such as `wp-config.php` or `/etc/passwd`, which can contain sensitive information. Note: This vulnerability is only exploitable when the site has been synced with WordPress Playground (the `is_qckply_clone` option is set) or when running on `playground.wordpress.net`. | ||||
| CVE-2026-11113 | 1 Google | 1 Chrome | 2026-06-06 | 9.6 Critical |
| Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-10995 | 1 Google | 1 Chrome | 2026-06-06 | 8.8 High |
| Heap buffer overflow in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-10996 | 1 Google | 1 Chrome | 2026-06-06 | 6.5 Medium |
| Inappropriate implementation in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11120 | 1 Google | 1 Chrome | 2026-06-06 | 9.6 Critical |
| Insufficient validation of untrusted input in Enterprise Reporting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-21028 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2026-06-06 | 5.5 Medium |
| Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. | ||||
| CVE-2026-21030 | 2 Samsung, Samsung Mobile | 2 Android, Samsung Mobile Devices | 2026-06-06 | 7.8 High |
| Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions. | ||||
| CVE-2026-10972 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2026-06-06 | 9.6 Critical |
| Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-10968 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-06 | 7.4 High |
| Insufficient validation of untrusted input in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||