U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

CVE Status Count

Please Wait

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns

CVSS V2 Score Distribution

Severity Number of Vulns


For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2026-10006 - Race in WebAudio in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
    Published: May 28, 2026; 7:16:42 PM -0400

  • CVE-2026-9880 - Insufficient validation of untrusted input in WebGL in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security sev... read CVE-2026-9880
    Published: May 28, 2026; 7:16:45 PM -0400

  • CVE-2026-10012 - Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    Published: May 28, 2026; 7:16:43 PM -0400

    V3.1: 8.3 HIGH

  • CVE-2026-10018 - Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)
    Published: May 28, 2026; 7:16:43 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2026-9926 - Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    Published: May 28, 2026; 7:16:50 PM -0400

  • CVE-2026-9891 - Use after free in Extensions in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted Chrome Extension. (Chromium security severity: Critical)
    Published: May 28, 2026; 7:16:47 PM -0400

  • CVE-2026-9925 - Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    Published: May 28, 2026; 7:16:50 PM -0400

  • CVE-2026-10019 - Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
    Published: May 28, 2026; 7:16:43 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-10021 - Insufficient validation of untrusted input in USB in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Medium)
    Published: May 28, 2026; 7:16:43 PM -0400

  • CVE-2026-9939 - Heap buffer overflow in WebCodecs in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
    Published: May 28, 2026; 7:16:52 PM -0400

  • CVE-2026-9938 - Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
    Published: May 28, 2026; 7:16:51 PM -0400

  • CVE-2026-9931 - Use after free in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    Published: May 28, 2026; 7:16:51 PM -0400

  • CVE-2026-10022 - Type Confusion in V8 in Google Chrome prior to 148.0.7778.216 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. (Chromium security severity: Medium)
    Published: May 28, 2026; 7:16:44 PM -0400

  • CVE-2026-47673 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the jwt and jwk middlewares do not verify that the Authorization header value uses theBearer scheme. Any two-part header value — regardless of ... read CVE-2026-47673
    Published: May 28, 2026; 1:16:32 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2026-9873 - Use after free in Network in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
    Published: May 28, 2026; 7:16:45 PM -0400

  • CVE-2026-9874 - Use after free in Dawn in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
    Published: May 28, 2026; 7:16:45 PM -0400

    V3.1: 9.6 CRITICAL

  • CVE-2026-9877 - Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
    Published: May 28, 2026; 7:16:45 PM -0400

    V3.1: 8.3 HIGH

  • CVE-2026-47674 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the ip-restriction middleware (hono/ip-restriction) compares incoming IP addresses against configured deny and allow rules using string equalit... read CVE-2026-47674
    Published: May 28, 2026; 1:16:32 PM -0400

  • CVE-2026-9878 - Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical)
    Published: May 28, 2026; 7:16:45 PM -0400

  • CVE-2026-47675 - Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, the serialize() function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax (;, \r, \n),... read CVE-2026-47675
    Published: May 28, 2026; 1:16:32 PM -0400

    V3.1: 5.3 MEDIUM