CVE List – Find High-Risk & Exploited Vulnerabilities ATT&CK Technique:Execution / RCE / Command Execution

MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.

Showing 141160 (more results available)
CVE Description Max CVSS EPSS % Published Updated
CVE-2026-14123 Incorrect security UI in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) 4.3 0.18% 2026-06-30 2026-07-01
CVE-2026-14114 Inappropriate implementation in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. (Chromium security severity: Low) 7.5 0.16% 2026-06-30 2026-07-06
CVE-2026-14110 Inappropriate implementation in DarkMode in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) 4.3 0.18% 2026-06-30 2026-07-02
CVE-2026-14109 Insufficient policy enforcement in Mojo in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) 9.6 0.25% 2026-06-30 2026-07-02
CVE-2026-14086 Insufficient policy enforcement in HID in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Low) 8.8 0.30% 2026-06-30 2026-07-02
CVE-2026-14082 Race in Storage in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) 6.5 0.21% 2026-06-30 2026-07-01
CVE-2026-14081 Insufficient policy enforcement in DevTools in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory via a crafted Chrome Extension. (Chromium security severity: Low) 6.5 0.17% 2026-06-30 2026-07-01
CVE-2026-14077 Inappropriate implementation in Select in Google Chrome on Mac prior to 150.0.7871.47 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) 4.3 0.17% 2026-06-30 2026-07-01
CVE-2026-14075 Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to bypass no-referrer policy via a crafted HTML page. (Chromium security severity: Low) 4.3 0.19% 2026-06-30 2026-07-06
CVE-2026-14072 Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) 4.3 0.17% 2026-06-30 2026-07-02
CVE-2026-14054 Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) 4.3 0.18% 2026-06-30 2026-07-01
CVE-2026-14047 Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. (Chromium security severity: Low) 4.3 0.18% 2026-06-30 2026-07-01
CVE-2026-14042 Inappropriate implementation in Isolated Web Apps in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) 4.3 0.17% 2026-06-30 2026-07-02
CVE-2026-14041 Insufficient policy enforcement in Serial in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) 8.8 0.25% 2026-06-30 2026-07-02
CVE-2026-14036 Insufficient policy enforcement in Bluetooth in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) 8.8 0.25% 2026-06-30 2026-07-02
CVE-2026-14033 Insufficient policy enforcement in Media in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Low) 6.5 0.26% 2026-06-30 2026-07-01
CVE-2026-14031 Inappropriate implementation in File Input in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) 4.3 0.17% 2026-06-30 2026-07-01
CVE-2026-14030 Inappropriate implementation in SplitView in Google Chrome on Linux prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) 4.2 0.15% 2026-06-30 2026-07-01
CVE-2026-14028 Incorrect security UI in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) 4.2 0.16% 2026-06-30 2026-07-02
CVE-2026-14026 Incorrect security UI in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) 4.2 0.15% 2026-06-30 2026-07-01
cvelogic Threat Intelligence