Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
21987
Total
1565
Critical
6684
High
7043
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-12028 | HIGH | 8.3 | Use after free in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially … | Jun 11, 2026 |
| CVE-2026-12027 | CRITICAL | 9.6 | Inappropriate implementation in Headless in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox … | Jun 11, 2026 |
| CVE-2026-12026 | UNKNOWN | — | Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to … | Jun 11, 2026 |
| CVE-2026-12025 | MEDIUM | 5.3 | Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak … | Jun 11, 2026 |
| CVE-2026-12024 | MEDIUM | 6.5 | Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker to bypass same origin policy via a crafted HTML page. … | Jun 11, 2026 |
| CVE-2026-12023 | HIGH | 8.3 | Use after free in GPU in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially … | Jun 11, 2026 |
| CVE-2026-12022 | HIGH | 8.3 | Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform … | Jun 11, 2026 |
| CVE-2026-12020 | HIGH | 8.8 | Use after free in Autofill in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted … | Jun 11, 2026 |
| CVE-2026-12019 | HIGH | 8.3 | Heap buffer overflow in Codecs in Google Chrome on Linux and ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process … | Jun 11, 2026 |
| CVE-2026-12018 | HIGH | 8.8 | Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. … | Jun 11, 2026 |
| CVE-2026-12017 | LOW | 3.1 | Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to bypass site isolation via … | Jun 11, 2026 |
| CVE-2026-12016 | HIGH | 8.3 | Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox … | Jun 11, 2026 |
| CVE-2026-12015 | MEDIUM | 5.3 | Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive … | Jun 11, 2026 |
| CVE-2026-12014 | HIGH | 8.3 | Use after free in Cast in Google Chrome prior to 149.0.7827.115 allowed an attacker on the local network segment to potentially perform a sandbox escape … | Jun 11, 2026 |
| CVE-2026-12013 | HIGH | 8.8 | Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted … | Jun 11, 2026 |
| CVE-2026-12012 | HIGH | 8.1 | Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via … | Jun 11, 2026 |
| CVE-2026-12011 | HIGH | 8.3 | Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially … | Jun 11, 2026 |
| CVE-2026-12010 | HIGH | 8.3 | Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially … | Jun 11, 2026 |
| CVE-2026-12009 | HIGH | 8.3 | Insufficient validation of untrusted input in Accessibility in Google Chrome on Mac prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process … | Jun 11, 2026 |
| CVE-2026-12008 | HIGH | 8.3 | Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a … | Jun 11, 2026 |
| CVE-2026-12007 | HIGH | 8.8 | Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML … | Jun 11, 2026 |
| CVE-2026-53819 | HIGH | 8.8 | OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with … | Jun 11, 2026 |
| CVE-2026-53818 | MEDIUM | 6.6 | OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. … | Jun 11, 2026 |
| CVE-2026-53817 | HIGH | 8.8 | OpenClaw before 2026.5.22 contains a locality validation vulnerability in Control UI pairing that allows attackers with network access to spoof locality information and obtain durable … | Jun 11, 2026 |
| CVE-2026-53816 | HIGH | 7.2 | OpenClaw before 2026.5.18 contains an insufficient provenance validation vulnerability in node event handling that allows paired nodes to forge exec lifecycle events without system.run authorization. … | Jun 11, 2026 |