Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
14,585 matching · page 121/292Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-4461(opens NVD record) | High | 8.8 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4460(opens NVD record) | High | 8.8 | Out of bounds read in Skia in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4459(opens NVD record) | High | 8.8 | Out of bounds read and write in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4458(opens NVD record) | High | 8.8 | Use after free in Extensions in Google Chrome prior to 146.0.7680.153 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4457(opens NVD record) | High | 8.8 | Type Confusion in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4456(opens NVD record) | High | 8.8 | Use after free in Digital Credentials API in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4455(opens NVD record) | High | 8.8 | Heap buffer overflow in PDFium in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4454(opens NVD record) | High | 8.8 | Use after free in Network in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4452(opens NVD record) | High | 8.8 | Integer overflow in ANGLE in Google Chrome on Windows prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4451(opens NVD record) | High | 8.8 | Insufficient validation of untrusted input in Navigation in Google Chrome prior to 146.0.7680.153 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4450(opens NVD record) | High | 8.8 | Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4449(opens NVD record) | High | 8.8 | Use after free in Blink in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4448(opens NVD record) | High | 8.8 | Heap buffer overflow in ANGLE in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4447(opens NVD record) | High | 8.8 | Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4446(opens NVD record) | High | 8.8 | Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4445(opens NVD record) | High | 8.8 | Use after free in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4444(opens NVD record) | High | 8.8 | Stack buffer overflow in WebRTC in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4443(opens NVD record) | High | 8.8 | Heap buffer overflow in WebAudio in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4442(opens NVD record) | High | 8.8 | Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Mar 20, 2026 |
| CVE-2026-4441(opens NVD record) | High | 8.8 | Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | Mar 20, 2026 |
| CVE-2026-4440(opens NVD record) | High | 8.8 | Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical) | Mar 20, 2026 |
| CVE-2026-4439(opens NVD record) | High | 8.8 | Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | Mar 20, 2026 |
| CVE-2026-22737(opens NVD record) | Medium | 5.9 | Use of Java scripting engine enabled (e.g. JRuby, Jython) template views in Spring MVC and Spring WebFlux applications can result in disclosure of content from files outside the configured locations for script template views. This issue affects Spring Framework: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46. | Mar 20, 2026 |
| CVE-2026-22735(opens NVD record) | Low | 2.6 | Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46. | Mar 20, 2026 |
| CVE-2026-22733(opens NVD record) | High | 8.2 | Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under the path used by the CloudFoundry Actuator endpoints. This issue affects Spring Security: from 4.0.0 through 4.0.3, from 3.5.0 through 3.5.11, from 3.4.0 through 3.4.14, from 3.3.0 through 3.3.17, from 2.7.0 through 2.7.31. | Mar 20, 2026 |
| CVE-2026-22732(opens NVD record) | Critical | 9.1 | When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy (default) writing of HTTP Headers: : from 5.7.0 through 5.7.21, from 5.8.0 through 5.8.23, from 6.3.0 through 6.3.14, from 6.4.0 through 6.4.14, from 6.5.0 through 6.5.8, from 7.0.0 through 7.0.3. | Mar 19, 2026 |
| CVE-2026-22731(opens NVD record) | High | 8.2 | Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before 4.0.3, from 3.5 before 3.5.11, from 3.4 before 3.4.15. This CVE is similar but not equivalent to CVE-2026-22733, as the conditions for exploit and vulnerable versions are different. | Mar 19, 2026 |
| CVE-2026-32194(opens NVD record) | Critical | 9.8 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network. | Mar 19, 2026 |
| CVE-2026-32191(opens NVD record) | Critical | 9.8 | Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network. | Mar 19, 2026 |
| CVE-2026-32169(opens NVD record) | Critical | 10.0 | Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network. | Mar 19, 2026 |
| CVE-2026-26139(opens NVD record) | High | 8.6 | Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. | Mar 19, 2026 |
| CVE-2026-26138(opens NVD record) | High | 8.6 | Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. | Mar 19, 2026 |
| CVE-2026-26137(opens NVD record) | Critical | 9.9 | Server-side request forgery (ssrf) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network. | Mar 19, 2026 |
| CVE-2026-26136(opens NVD record) | Medium | 6.5 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to disclose information over a network. | Mar 19, 2026 |
| CVE-2026-26120(opens NVD record) | Medium | 6.5 | Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to perform tampering over a network. | Mar 19, 2026 |
| CVE-2026-24299(opens NVD record) | Medium | 5.3 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | Mar 19, 2026 |
| CVE-2026-23659(opens NVD record) | High | 8.6 | Exposure of sensitive information to an unauthorized actor in Azure Data Factory allows an unauthorized attacker to disclose information over a network. | Mar 19, 2026 |
| CVE-2026-23658(opens NVD record) | High | 8.6 | Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | Mar 19, 2026 |
| CVE-2026-25667(opens NVD record) | High | 7.5 | ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing. | Mar 19, 2026 |
| CVE-2026-4426(opens NVD record) | Medium | 6.5 | A flaw was found in libarchive. An Undefined Behavior vulnerability exists in the zisofs decompression logic, caused by improper validation of a field (`pz_log2_bs`) read from ISO9660 Rock Ridge extensions. A remote attacker can exploit this by supplying a specially crafted ISO file. This can lead to incorrect memory allocation and potential application crashes, resulting in a denial-of-service (DoS) condition. | Mar 19, 2026 |
| CVE-2026-4424(opens NVD record) | High | 7.5 | A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction. | Mar 19, 2026 |
| CVE-2026-1276(opens NVD record) | Medium | 5.4 | IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Mar 19, 2026 |
| CVE-2025-36051(opens NVD record) | Medium | 6.2 | IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user. | Mar 19, 2026 |
| CVE-2025-15051(opens NVD record) | Medium | 5.4 | IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality. | Mar 19, 2026 |
| CVE-2025-13995(opens NVD record) | Medium | 5.0 | IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account. | Mar 19, 2026 |
| CVE-2026-31995(opens NVD record) | Medium | 5.3 | OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true, attackers can exploit cmd.exe command interpretation to execute malicious commands by controlling workflow arguments. | Mar 19, 2026 |
| CVE-2026-31994(opens NVD record) | High | 7.1 | OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation arguments can inject arbitrary commands by providing metacharacter-only values or CR/LF sequences that execute unintended code in the scheduled task context. | Mar 19, 2026 |
| CVE-2026-26740(opens NVD record) | High | 8.2 | Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size. | Mar 18, 2026 |
| CVE-2026-30695(opens NVD record) | Medium | 6.1 | A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter of the /file_manager.cgi endpoint. | Mar 18, 2026 |
| CVE-2026-22730(opens NVD record) | High | 8.8 | A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability exists due to missing input sanitization. | Mar 18, 2026 |