U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for NVD Communications and Status Updates Page
Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2026-10901 - Use after free in Passwords in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
    Published: June 04, 2026; 7:16:51 PM -0400

  • CVE-2026-10902 - Use after free in Ozone in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)
    Published: June 04, 2026; 7:16:51 PM -0400

  • CVE-2026-10903 - Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
    Published: June 04, 2026; 7:16:52 PM -0400

  • CVE-2026-10904 - Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
    Published: June 04, 2026; 7:16:52 PM -0400

  • CVE-2026-10887 - Use after free in Chromoting in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
    Published: June 04, 2026; 7:16:50 PM -0400

  • CVE-2026-10888 - Use after free in Cast Streaming in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
    Published: June 04, 2026; 7:16:50 PM -0400

  • CVE-2026-10889 - Out of bounds read in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
    Published: June 04, 2026; 7:16:50 PM -0400

  • CVE-2026-10890 - Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Critical)
    Published: June 04, 2026; 7:16:50 PM -0400

  • CVE-2026-10892 - Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
    Published: June 04, 2026; 7:16:50 PM -0400

  • CVE-2026-10893 - Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)
    Published: June 04, 2026; 7:16:50 PM -0400

  • CVE-2026-10894 - Use after free in Printing in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
    Published: June 04, 2026; 7:16:50 PM -0400

  • CVE-2026-10910 - Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
    Published: June 04, 2026; 7:16:52 PM -0400

  • CVE-2026-10911 - Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security seve... read CVE-2026-10911
    Published: June 04, 2026; 7:16:53 PM -0400

  • CVE-2026-10913 - Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
    Published: June 04, 2026; 7:16:53 PM -0400

  • CVE-2026-10914 - Use after free in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
    Published: June 04, 2026; 7:16:53 PM -0400

  • CVE-2026-10915 - Use after free in Core in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    Published: June 04, 2026; 7:16:53 PM -0400

  • CVE-2026-10922 - Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via malicious network traffic. (Chromium s... read CVE-2026-10922
    Published: June 04, 2026; 7:16:54 PM -0400

  • CVE-2026-10928 - Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)
    Published: June 04, 2026; 7:16:55 PM -0400

  • CVE-2026-10929 - Heap buffer overflow in ANGLE in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
    Published: June 04, 2026; 7:16:55 PM -0400

  • CVE-2017-15031 - In all versions of ARM Trusted Firmware up to and including v1.4, not initializing or saving/restoring the PMCR_EL0 register can leak secure world timing information.
    Published: December 18, 2018; 11:29:00 AM -0500

    V3.1: 7.5 HIGH
     V2.0: 5.0 MEDIUM

Created September 20, 2022 , Updated August 27, 2024