VYPR

Vendor CVEs

Google

All CVEs

11,416 total · sorted by risk
  • CVE-2026-10944MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10938MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10937MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10912MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-46265HigJun 3, 2026
    risk 0.42cvss 7.5epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQ_MEM_RECLAIM warning When sunrpc is used, if a reset triggered, our wq may lead the following trace: workqueue: WQ_MEM_RECLAIM xprtiod:xprt_rdma_connect_worker [rpcrdma] is flushing…

  • CVE-2026-0080MedJun 1, 2026
    risk 0.42cvss 6.5epss 0.00

    In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0052MedJun 1, 2026
    risk 0.42cvss 6.5epss 0.00

    In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0051MedJun 1, 2026
    risk 0.42cvss 6.5epss 0.00

    In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0044MedJun 1, 2026
    risk 0.42cvss 6.5epss 0.00

    In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause the system to crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0041MedJun 1, 2026
    risk 0.42cvss 6.5epss 0.00

    In multiple functions of ubsan_throwing_runtime.cpp, there is a possible UBSan failure due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0040MedJun 1, 2026
    risk 0.42cvss 6.5epss 0.00

    In multiple functions of ubsan_throwing_runtime.cpp, there is a possible way to cause a crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-0039MedJun 1, 2026
    risk 0.42cvss 6.5epss 0.00

    In multiple functions of ubsan_throwing_runtime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-9996MedMay 28, 2026
    risk 0.42cvss 6.5epss 0.00

    Out of bounds read in WebRTC in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9981MedMay 28, 2026
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9953MedMay 28, 2026
    risk 0.42cvss 6.5epss 0.00

    Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9917MedMay 28, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9912MedMay 28, 2026
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9908MedMay 28, 2026
    risk 0.42cvss 6.5epss 0.00

    Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9882MedMay 28, 2026
    risk 0.42cvss 6.5epss 0.00

    Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Critical)

  • CVE-2026-10018MedMay 28, 2026
    risk 0.42cvss 6.5epss 0.00

    Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-10008MedMay 28, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-10004MedMay 28, 2026
    risk 0.42cvss 6.5epss 0.00

    Insufficient validation of untrusted input in Passwords in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-9122MedMay 20, 2026
    risk 0.42cvss 6.5epss 0.00

    Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-8570MedMay 14, 2026
    risk 0.42cvss 6.5epss 0.00

    Type Confusion in V8 in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-8550MedMay 14, 2026
    risk 0.42cvss 6.5epss 0.00

    Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-7982MedMay 6, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in WebCodecs in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-7924MedMay 6, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-6364MedApr 15, 2026
    risk 0.42cvss 6.5epss 0.00

    Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security severity: Medium)

  • CVE-2026-5919MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Insufficient validation of untrusted input in WebSockets in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-5905MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-5903MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)

  • CVE-2026-5901MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions for cookie modification via a crafted Chrome Extension. (Chromium security…

  • CVE-2026-5888MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Uninitialized Use in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-5885MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-5881MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-5876MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Side-channel information leakage in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-5291MedApr 1, 2026
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in WebGL in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2026-5283MedApr 1, 2026
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-5276MedApr 1, 2026
    risk 0.42cvss 6.5epss 0.00

    Insufficient policy enforcement in WebUSB in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-0994HigJan 23, 2026
    risk 0.42cvss 7.5epss 0.01

    A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling…

  • CVE-2025-64508HigNov 10, 2025
    risk 0.42cvss 7.5epss 0.00

    Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to…

  • CVE-2025-12445MedNov 10, 2025
    risk 0.42cvss 6.5epss 0.00

    Policy bypass in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)

  • CVE-2025-12431MedNov 10, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: High)

  • CVE-2025-11207MedNov 6, 2025
    risk 0.42cvss 6.5epss 0.00

    Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-6176HigOct 31, 2025
    risk 0.42cvss 7.5epss 0.01

    Scrapy versions up to 2.13.2 are vulnerable to a denial of service (DoS) attack due to a flaw in its brotli decompression implementation. The protection mechanism against decompression bombs fails to mitigate the brotli variant, allowing remote servers to crash clients with less…

  • CVE-2025-26441MedSep 4, 2025
    risk 0.42cvss 6.5epss 0.00

    In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2024-56189MedSep 4, 2025
    risk 0.42cvss 6.5epss 0.00

    In SAEMM_DiscloseMsId of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure post authentication with no additional execution privileges needed. User interaction is not needed for…

  • CVE-2025-0092MedAug 26, 2025
    risk 0.42cvss 6.5epss 0.00

    In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for…

  • CVE-2025-8881MedAug 13, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in File Picker in Google Chrome prior to 139.0.7258.127 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)

  • CVE-2025-5066MedMay 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Inappropriate implementation in Messages in Google Chrome on Android prior to 137.0.7151.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Page 122 of 229