Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-39311 — Trilium Notes: Stored XSS Leads to Unauthorized Remote Code Execution (RCE) via Unsanitiz…

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of S…

| Misconfiguration
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-9124 — Google Chrome Cross-Origin Data Leaking Vulnerability

Insufficient validation of untrusted input in Input in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a craf…

| Information Disclosure
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-9123 — "Chromecast Heap Buffer Overflow Vulnerability"

Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to execute arbitrary code inside a sandbox via malicious network traff…

| Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-9122 — Google Chrome GPU Out-of-Bounds Read Vulnerability

Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium …

| Information Disclosure
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-9121 — Google Chrome GPU Out-of-Bounds Read Heap Corruption

Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

| Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-9126 — Google Chrome Use After Free in DOM Medium Severity Vulnerability

Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)

| Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-9120 — Google Chrome WebRTC Use-After-Free Remote Code Execution Vulnerability

Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

| Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-9119 — Google Chrome WebRTC Heap Buffer Overflow Vulnerability

Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H…

| Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-9118 — Google Chrome Use After Free Vulnerability in Windows XR

Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

| Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-9117 — Google Chrome GFX Type Confusion Vulnerability

Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craf…

| Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-9116 — Google Chrome ServiceWorker Cross-Origin Data Leaking Vulnerability

Insufficient policy enforcement in ServiceWorker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: …

| Information Disclosure
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-9115 — Google Chrome Service Worker Origin Bypass Vulnerability

Insufficient policy enforcement in Service Worker in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severi…

| Misconfiguration
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-9114 — Google Chrome QUIC Use-After-Free Remote Code Execution Vulnerability

Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via malicious network traffic. (Chromium security severity: Hig…

| Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA

Out of bounds read in GPU in Google Chrome on Mac prior to 148.0.7778.179 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)

| Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-9112 — Google Chrome GPU Use-After-Free Vulnerability

Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi…

| Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-9110 — Google Chrome UI Spoofing Vulnerability

Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML pag…

| Information Disclosure
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-9111 — Google Chrome WebRTC Use-After-Free Vulnerability

Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)

| Memory Corruption
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-39310 — Trilium Notes: Authentication Bypass in Clipper API for Electron (Desktop) Builds

Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions 0.102.1 and prior, the Clipper API in Trilium Desktop (v0.101.3…

| Authentication
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-33137 — XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform is a generic wiki platform. In versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, …

| Authentication
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
0.0 NA
CVE-2026-26028 — CryptPad: Sanitizer Bypass in Diffmarked.js Allows Arbitrary HTML Injection and Potential…

CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted …

| Cross-Site Scripting
May 20, 2026 May 20, 2026
May 20, 2026
May 20, 2026
Showing 20 of 6436 Results