Total
7275 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-8947 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-19 | N/A | 7.3 HIGH |
| Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | |||||
| CVE-2026-8953 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-19 | N/A | 9.6 CRITICAL |
| Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | |||||
| CVE-2023-33153 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | N/A | 6.8 MEDIUM |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2023-33149 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | N/A | 7.8 HIGH |
| Microsoft Office Graphics Remote Code Execution Vulnerability | |||||
| CVE-2024-30101 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | N/A | 7.5 HIGH |
| Microsoft Office Remote Code Execution Vulnerability | |||||
| CVE-2026-40359 | 1 Microsoft | 5 365 Apps, Excel, Office and 2 more | 2026-05-19 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | |||||
| CVE-2026-40419 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | N/A | 7.8 HIGH |
| Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-8513 | 1 Google | 2 Android, Chrome | 2026-05-19 | N/A | 8.3 HIGH |
| Use after free in Input in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2026-8522 | 2 Apple, Google | 2 Macos, Chrome | 2026-05-19 | N/A | 8.8 HIGH |
| Use after free in Downloads in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | |||||
| CVE-2026-8549 | 1 Google | 1 Chrome | 2026-05-19 | N/A | 8.8 HIGH |
| Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-8550 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-05-19 | N/A | 6.5 MEDIUM |
| Use after free in Google Lens in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-8542 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-05-19 | N/A | 8.3 HIGH |
| Use after free in Core in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-8530 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-05-19 | N/A | 8.3 HIGH |
| Use after free in Network in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-8580 | 1 Google | 1 Chrome | 2026-05-19 | N/A | 9.6 CRITICAL |
| Use after free in Mojo in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-8575 | 1 Google | 1 Chrome | 2026-05-19 | N/A | 8.3 HIGH |
| Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2026-8544 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-05-19 | N/A | 8.8 HIGH |
| Use after free in Media in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-8555 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-05-19 | N/A | 8.8 HIGH |
| Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2026-28733 | 2026-05-19 | N/A | 6.5 MEDIUM | ||
| in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution. | |||||
| CVE-2026-8696 | 1 Radare | 1 Radare2 | 2026-05-19 | N/A | 7.5 HIGH |
| radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbitrary code by sending malformed thread information responses. Attackers can trigger the vulnerability by causing qsThreadInfo to fail after qfThreadInfo successfully allocates RDebugPid structures, resulting in double-free memory corruption when the error path attempts to clean up the list. | |||||
| CVE-2025-4878 | 2026-05-19 | N/A | 3.6 LOW | ||
| A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption. | |||||