VYPR

CVEs

82,359 total · page 31 of 1,648

  • CVE-2026-10928HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10927HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Out of bounds read in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10926HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. (Chromium security severity: High)

  • CVE-2026-10925HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Out of bounds write in Skia in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10924HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Integer overflow in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10923HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in WebAppInstalls in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: High)

  • CVE-2026-10922HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via malicious network traffic. (Chromium security severity: High)

  • CVE-2026-10921HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Integer overflow in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10920HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Insufficient validation of untrusted input in WebShare in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10919HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10918HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Viz in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10917HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10915HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Core in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10914HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10913HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10911HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10910HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10909HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10908HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10907HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Out of bounds write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10906HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10905HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10904HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10903HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10902HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10901HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10900HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10899HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10898HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Stack buffer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10897HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Inappropriate implementation in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10896HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10895HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10894HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Printing in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10893HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

  • CVE-2026-10891HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in GFX in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10890HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Critical)

  • CVE-2026-10889HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10888HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Cast Streaming in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

  • CVE-2026-10887HigJun 4, 2026
    risk 0.53cvss 8.1epss 0.00

    Use after free in Chromoting in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)

  • CVE-2026-10885HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10884HigJun 4, 2026
    risk 0.54cvss 8.3epss 0.00

    Use after free in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10883HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10882HigJun 4, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10873HigJun 4, 2026
    risk 0.47cvss 7.2epss 0.03

    A vulnerability was determined in Shibby Tomato 1.28.0000. Impacted is the function rstats_path of the file /bin/rstats of the component Web UI. Executing a manipulation can lead to os command injection. The attack can be launched remotely. The exploit has been publicly…

  • CVE-2026-10872HigJun 4, 2026
    risk 0.47cvss 7.2epss 0.03

    A vulnerability was found in Shibby Tomato 1.28.0000. This issue affects the function start_vpnserver of the file /sbin/rc of the component Web UI. Performing a manipulation results in os command injection. The attack can be initiated remotely. The exploit has been made public…

  • CVE-2025-8873HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not…

  • CVE-2026-10871HigJun 4, 2026
    risk 0.47cvss 7.2epss 0.02

    A vulnerability has been found in Shibby Tomato 1.28.0000. This vulnerability affects the function start_6rd_tunnel of the file /sbin/rc of the component Web UI. Such manipulation of the argument ipv6_6rd_borderrelay leads to os command injection. It is possible to launch the…

  • CVE-2026-10870HigJun 4, 2026
    risk 0.47cvss 7.2epss 0.02

    A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.…

  • CVE-2026-41522HigJun 4, 2026
    risk 0.46cvss epss 0.00

    Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at `/graphql` that does not enforce the same authorization checks as the REST API. Any…

  • CVE-2026-41518HigJun 4, 2026
    risk 0.42cvss 7.6epss 0.00

    Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-editor permissions can store arbitrary HTML/JavaScript in the…