CVE-2026-7537 - The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all version

CVE-2026-2500 - The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and

CVE-2026-9281 - The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits

CVE-2026-9008 - The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and

CVE-2026-8901 - The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin f

CVE-2026-8438 - The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored

CVE-2026-9719 - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerab

CVE-2026-9290 - The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local

CVE-2026-8976 - The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plu

CVE-2026-8900 - The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Short

CVE-2026-8893 - The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via

CVE-2026-8608 - The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to

CVE-2026-7047 - The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers

CVE-2026-6448 - The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to

CVE-2026-6242 - An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2

CVE-2026-6241 - An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, wh

CVE-2026-6240 - A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers servic

CVE-2026-6239 - A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers servic

CVE-2026-34123 - On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limit

CVE-2026-10038 - The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin

CVE-2025-12656 - The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to ar

CVE-2026-7654 - The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code

CVE-2026-7523 - The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and

CVE-2026-45409 - Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationali

CVE-2026-11431 - A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Ent

CVE-2026-11429 - Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium

CVE-2026-11424 - A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by A

CVE-2026-11416 - MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage dow

CVE-2026-36785 - Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow i

CVE-2026-11423 - A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to i

CVE-2026-11422 - Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability

CVE-2026-46493 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `u

CVE-2026-46401 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer

CVE-2026-46400 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and

CVE-2026-46398 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and

CVE-2026-46397 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Aut

CVE-2026-46357 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HA

CVE-2026-45779 - OpenXDMoD is an open framework for collecting and analyzing HPC metrics. An SQL injection vulnerabil

CVE-2026-45778 - OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, an

CVE-2026-45777 - OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 a

CVE-2026-45776 - OpenXDMoD is an open framework for collecting and analyzing HPC metrics. Prior to version 11.0.3, a

CVE-2026-45758 - Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximate

CVE-2026-45300 - The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and async

CVE-2026-25624 - An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboar

CVE-2026-25623 - An input validation command execution vulnerability exists in the browser management pipeline of Ari

CVE-2026-25622 - A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Managem

CVE-2026-25621 - A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista

CVE-2026-25620 - An encrypted password command injection vulnerability exists in the Captive Portal application frame

CVE-2026-11420 - Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Se

CVE-2026-11419 - A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController

CVE-2026-11414 - A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the

CVE-2026-11401 - An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon

CVE-2026-11400 - An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amaz

CVE-2026-5415 - The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same

CVE-2026-5411 - The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same

CVE-2026-46511 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an att

CVE-2026-46496 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (

CVE-2026-46399 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prio

CVE-2026-46396 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (

CVE-2026-46395 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the `h

CVE-2026-46394 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS

CVE-2026-46393 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Re

CVE-2026-46392 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX

CVE-2026-46391 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and p

CVE-2026-46390 - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and p

CVE-2026-46389 - UDS Identity Config builds the Keycloak configuration image (realm, plugins, theme, truststore, JARs

CVE-2026-10580 - The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Authentication Bypass le

CVE-2026-50733 - Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown co

CVE-2026-49493 - Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(), which

CVE-2026-49492 - Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a sh

CVE-2026-45750 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capa

CVE-2026-45749 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capa

CVE-2026-45748 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capa

CVE-2026-45746 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capa

CVE-2026-45745 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capa

CVE-2026-45744 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capa

CVE-2026-45743 - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capa

CVE-2026-45327 - TinyIce is a streaming server for audio and video. In versions 0.8.95 through 2.4.1, missing authent

CVE-2026-45291 - Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in v

CVE-2026-45290 - Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in v

CVE-2026-36501 - An issue in the Externalizable.readExternal() component of Controller v12.0.5 allows attackers to ca

CVE-2026-36500 - An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to e

CVE-2026-2379 - On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features ena

CVE-2026-11344 - A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown fu

CVE-2026-11342 - A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affec

CVE-2026-11341 - A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412D

CVE-2025-71318 - NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remo

CVE-2025-71317 - NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants

CVE-2026-8714 - A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due

CVE-2026-7473 - On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (V

CVE-2026-48112 - 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap o

CVE-2026-48111 - 7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-b

CVE-2026-48104 - 7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an unini

CVE-2026-48103 - 7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-b

CVE-2026-11339 - A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function s

CVE-2026-11338 - A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.

CVE-2026-11337 - A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f

CVE-2025-5090 - CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on

CVE-2025-5089 - In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed mess

CVE-2025-5088 - An authenticated Redis session could be used to obtain full root access to all servers in the CVX cl

CVE-2026-9270 - DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does

CVE-2026-48102 - 7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap o

CVE-2026-48101 - 7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An un

CVE-2026-11362 - DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog:

CVE-2026-11336 - A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7e

CVE-2026-6209 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-6208 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-6207 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-48095 - 7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buff

CVE-2026-48092 - 7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap m

CVE-2026-38579 - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through

CVE-2026-37737 - sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() functi

CVE-2026-11335 - A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9

CVE-2026-11334 - A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec8

CVE-2026-11333 - A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a0

CVE-2026-10879 - DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more tha

CVE-2025-59174 - Ericsson Packet Core Controller (PCC) versions prior to 1.39 contain a vulnerability where an attack

CVE-2020-25900 - HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to sha

CVE-2026-50235 - Lyrion Music Server 9.2.0 contains a reflected cross-site scripting vulnerability in advanced search

CVE-2026-50234 - Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attack

CVE-2026-50233 - Lyrion Music Server 9.2.0 contains an arbitrary directory listing vulnerability in its readdirectory

CVE-2026-50232 - Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers

CVE-2026-50231 - Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in t

CVE-2026-50230 - Lyrion Music Server 9.2.0 contains an unauthenticated reflected cross-site scripting vulnerability i

CVE-2026-38500 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with

CVE-2026-11369 - The Comment API (GET /api/Comment and POST /api/Comment) in the affected application fails to perfor

CVE-2026-11330 - A weakness has been identified in thedotmack claude-mem up to 11.0.1. The affected element is the fu

CVE-2026-11329 - A vulnerability has been found in onnx onnx-mlir up to 0.5.0.0. Affected by this issue is the functi

CVE-2026-50264 - An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuff

CVE-2026-50263 - A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client

CVE-2026-50262 - An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableA

CVE-2026-50261 - A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client

CVE-2026-50260 - A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that s

CVE-2026-50259 - A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks()

CVE-2026-50258 - A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has mu

CVE-2026-50257 - A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client

CVE-2026-50256 - A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between

CVE-2026-25659 - Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Va

CVE-2026-25658 - Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Va

CVE-2026-25657 - Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactica

CVE-2026-11346 - A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi a

CVE-2026-11345 - An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenti

CVE-2026-8914 - In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running

CVE-2026-50265 - Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292

CVE-2026-21038 - Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows

CVE-2026-21037 - Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to acc

CVE-2026-21036 - Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to acce

CVE-2026-21035 - Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to ac

CVE-2026-21034 - Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Andro

CVE-2026-21033 - Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant

CVE-2026-21032 - Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant pr

CVE-2026-21031 - Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch a

CVE-2026-21030 - Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers

CVE-2026-21029 - Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Re

CVE-2026-21028 - Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to

CVE-2026-21027 - Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 all

CVE-2026-21026 - Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1

CVE-2026-21025 - Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers t

CVE-2026-21017 - Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1

CVE-2026-11347 - The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a we

CVE-2026-6274 - Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerabi

CVE-2026-49777 - Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider

CVE-2026-11332 - A flaw was found in ansible-core. The ansible-galaxy role install command processes dependency speci

CVE-2026-9088 - A flaw was found in org.keycloak.services. An administrator with delegated access to read group memb

CVE-2026-48907 - A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles fo

CVE-2026-21837 - HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Man

CVE-2026-21826 - HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header inject

CVE-2026-21825 - HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability i

CVE-2026-10732 - All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction

CVE-2026-50593 - Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actio

CVE-2026-7763 - A heap-based buffer overflow vulnerability in the morse.ko HaLow Wi-Fi kernel driver in Morse Micro

CVE-2026-7762 - A heap-based buffer overflow vulnerability in the dot11ah.ko HaLow Wi-Fi kernel driver in Morse Micr

CVE-2026-50592 - In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog

CVE-2026-50591 - In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences.

CVE-2026-50590 - In Mimecast Incydr before 2.6.0, arbitrary file access can occur.

CVE-2026-41567 - Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to

CVE-2026-11326 - OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com ori

CVE-2026-11312 - A vulnerability was found in bytedance InfiniStore up to 0.2.33. The impacted element is the functio

CVE-2026-50589 - In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON

CVE-2026-11309 - Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote

CVE-2026-11308 - Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attack

CVE-2026-11307 - Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execut

CVE-2026-11306 - Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execut

CVE-2026-11305 - Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execut

CVE-2026-11304 - Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potent

CVE-2026-11303 - Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execut

CVE-2026-11302 - Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 all

CVE-2026-11301 - Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote

CVE-2026-11300 - Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote

CVE-2026-11299 - Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtai

CVE-2026-11298 - Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowe

CVE-2026-11297 - Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0

CVE-2026-11296 - Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remot

CVE-2026-11295 - Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a

CVE-2026-11294 - Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote a

CVE-2026-11293 - Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potenti

CVE-2026-11292 - Insufficient policy enforcement in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote at

CVE-2026-11291 - Inappropriate implementation in Android Autofill in Google Chrome on Android prior to 149.0.7827.53

CVE-2026-11290 - Integer overflow in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attac

CVE-2026-11289 - Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote a

CVE-2026-11288 - Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote atta

CVE-2026-11287 - Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 all

CVE-2026-11286 - Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed

CVE-2026-11285 - Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowe

CVE-2026-11284 - Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed

CVE-2026-11283 - Insufficient validation of untrusted input in Shortcuts in Google Chrome on Mac prior to 149.0.7827.

CVE-2026-11282 - Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed

CVE-2026-11281 - Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local at

CVE-2026-11280 - Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remo

CVE-2026-11279 - Out of bounds read in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to

CVE-2026-11278 - Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowe

CVE-2026-11277 - Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 all

CVE-2026-11276 - Inappropriate implementation in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on

CVE-2026-11275 - Inappropriate implementation in Page Info in Google Chrome on Android prior to 149.0.7827.53 allowed

CVE-2026-11274 - Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed

CVE-2026-11273 - Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 149.0.7827.53 allowe

CVE-2026-11272 - Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.78

CVE-2026-11271 - Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote a

CVE-2026-11270 - Inappropriate implementation in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remo

CVE-2026-11269 - Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attack

CVE-2026-11268 - Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attac

CVE-2026-11267 - Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an att

CVE-2026-11266 - Inappropriate implementation in SafeBrowsing in Google Chrome prior to 149.0.7827.53 allowed a remot

CVE-2026-11265 - Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote at

CVE-2026-11264 - Policy bypass in Content Security Policy in Google Chrome prior to 149.0.7827.53 allowed a remote at

CVE-2026-11263 - Insufficient policy enforcement in WebAuthentication in Google Chrome on Android prior to 149.0.7827

CVE-2026-11262 - Use after free in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to exec

CVE-2026-11261 - Inappropriate implementation in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacke

CVE-2026-11260 - Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote

CVE-2026-11259 - Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a

CVE-2026-11258 - Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a

CVE-2026-11257 - Inappropriate implementation in Browser in Google Chrome prior to 149.0.7827.53 allowed a remote att

CVE-2026-11256 - Integer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had co

CVE-2026-11255 - Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.782

CVE-2026-11254 - Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote

CVE-2026-11253 - Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote

CVE-2026-11252 - Insufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed

CVE-2026-11251 - Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed

CVE-2026-11250 - Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote at

CVE-2026-11249 - Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had

CVE-2026-11248 - Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote

CVE-2026-11247 - Insufficient policy enforcement in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 all

CVE-2026-11246 - Insufficient validation of untrusted input in IndexedDB in Google Chrome prior to 149.0.7827.53 allo

CVE-2026-11245 - Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote at

CVE-2026-11244 - Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827

CVE-2026-11243 - Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote a

CVE-2026-11242 - Insufficient validation of untrusted input in Plugins in Google Chrome prior to 149.0.7827.53 allowe

CVE-2026-11241 - Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a

CVE-2026-11240 - Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed

CVE-2026-11239 - Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote