Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,278 matching · page 164/686Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-4113(opens NVD record) | High | 7.2 | An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials. | Apr 9, 2026 |
| CVE-2026-4112(opens NVD record) | High | 7.2 | Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator. | Apr 9, 2026 |
| CVE-2025-62718(opens NVD record) | Critical | 9.9 | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a trailing dot) or [::1] (IPv6 literal) skip NO_PROXY matching and go through the configured proxy. This goes against what developers expect and lets attackers force requests through a proxy, even if NO_PROXY is set up to protect loopback or internal services. This issue leads to the possibility of proxy bypass and SSRF vulnerabilities allowing attackers to reach sensitive loopback or internal services despite the configured protections. This vulnerability is fixed in 1.15.0 and 0.31.0. | Apr 9, 2026 |
| CVE-2026-4660(opens NVD record) | High | 7.5 | HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package. | Apr 9, 2026 |
| CVE-2026-5919(opens NVD record) | Medium | 6.5 | Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5918(opens NVD record) | Medium | 4.3 | Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5915(opens NVD record) | High | 8.1 | Insufficient validation of untrusted input in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5914(opens NVD record) | High | 8.8 | Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5913(opens NVD record) | High | 8.1 | Out of bounds read in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5912(opens NVD record) | High | 8.8 | Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5911(opens NVD record) | Medium | 4.3 | Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5910(opens NVD record) | High | 8.8 | Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5909(opens NVD record) | High | 8.8 | Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5908(opens NVD record) | High | 8.8 | Integer overflow in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted video file. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5907(opens NVD record) | High | 8.1 | Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5906(opens NVD record) | Medium | 4.3 | Incorrect security UI in Omnibox in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5905(opens NVD record) | Medium | 6.5 | Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5903(opens NVD record) | Medium | 6.5 | Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5902(opens NVD record) | Critical | 9.8 | Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5901(opens NVD record) | Medium | 6.5 | Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5900(opens NVD record) | Medium | 4.3 | Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5899(opens NVD record) | Medium | 6.1 | Insufficient policy enforcement in History Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5898(opens NVD record) | Medium | 4.3 | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5897(opens NVD record) | Medium | 4.3 | Incorrect security UI in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5896(opens NVD record) | Medium | 6.1 | Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5895(opens NVD record) | Medium | 5.4 | Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5894(opens NVD record) | Medium | 4.3 | Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | Apr 8, 2026 |
| CVE-2026-5893(opens NVD record) | Medium | 6.8 | Race in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5892(opens NVD record) | Medium | 6.6 | Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5891(opens NVD record) | Medium | 4.3 | Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5890(opens NVD record) | Medium | 5.3 | Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5889(opens NVD record) | Medium | 4.3 | Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5888(opens NVD record) | Medium | 6.5 | Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5887(opens NVD record) | Medium | 4.3 | Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5885(opens NVD record) | Medium | 6.5 | Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5884(opens NVD record) | High | 8.8 | Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5883(opens NVD record) | High | 8.8 | Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5882(opens NVD record) | Medium | 4.3 | Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5881(opens NVD record) | Medium | 6.5 | Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5880(opens NVD record) | Medium | 4.3 | Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5878(opens NVD record) | Medium | 4.3 | Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5877(opens NVD record) | High | 8.8 | Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5876(opens NVD record) | Medium | 6.5 | Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5875(opens NVD record) | Medium | 4.3 | Policy bypass in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5874(opens NVD record) | Critical | 9.6 | Use after free in PrivateAI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | Apr 8, 2026 |
| CVE-2026-5873(opens NVD record) | High | 8.8 | Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | Apr 8, 2026 |
| CVE-2026-5872(opens NVD record) | High | 8.8 | Use after free in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | Apr 8, 2026 |
| CVE-2026-5871(opens NVD record) | High | 8.8 | Type Confusion in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | Apr 8, 2026 |
| CVE-2026-5870(opens NVD record) | High | 8.8 | Integer overflow in Skia in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | Apr 8, 2026 |
| CVE-2026-5869(opens NVD record) | Medium | 4.3 | Heap buffer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | Apr 8, 2026 |