NVD Vulnerability Information Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

Update Date:July 3, 2026, 4:30 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
4951 7.4 HIGH
Network
- - Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresse… CWE-918
Server-Side Request Forgery (SSRF) 
CVE-2026-53782 2026-06-12 05:50 2026-06-12 Show GitHub Exploit DB Packet Storm
4952 9.1 CRITICAL
Network
- - Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by n… CWE-93
CRLF Injection
CVE-2026-50638 2026-06-12 05:16 2026-06-11 Show GitHub Exploit DB Packet Storm
4953 8.2 HIGH
Network
- - Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions) allow mutiple metrics,separated by newlines, to be sent p… CWE-93
CRLF Injection
CVE-2026-50637 2026-06-12 05:16 2026-06-11 Show GitHub Exploit DB Packet Storm
4954 - -
- - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid… - CVE-2026-12038 2026-06-12 05:16 2026-06-12 Show GitHub Exploit DB Packet Storm
4955 4.0 MEDIUM
Local
nsa ghidra Ghidra before 11.2 contains a use after free vulnerability in the Sleigh backend caused by undefined static initialization order of the SleighArchitecture::translators and XmlArchitectureCapability s… CWE-758
 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
CVE-2024-58350 2026-06-12 04:53 2026-06-10 Show GitHub Exploit DB Packet Storm
4956 7.8 HIGH
Local
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally. CWE-190
 Integer Overflow or Wraparound
CVE-2026-42916 2026-06-12 04:53 2026-06-10 Show GitHub Exploit DB Packet Storm
4957 5.5 MEDIUM
Local
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally. CWE-125
Out-of-bounds Read
CVE-2026-42968 2026-06-12 04:53 2026-06-10 Show GitHub Exploit DB Packet Storm
4958 5.5 MEDIUM
Local
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2016
windows_server_2019
w…
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. CWE-908
 Use of Uninitialized Resource
CVE-2026-42969 2026-06-12 04:53 2026-06-10 Show GitHub Exploit DB Packet Storm
4959 5.5 MEDIUM
Local
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. CWE-200
Information Exposure
CVE-2026-42970 2026-06-12 04:52 2026-06-10 Show GitHub Exploit DB Packet Storm
4960 5.5 MEDIUM
Local
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2016
windows_server_2019
w…
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. CWE-200
Information Exposure
CVE-2026-42971 2026-06-12 04:52 2026-06-10 Show GitHub Exploit DB Packet Storm
4961 7.8 HIGH
Local
nsa ghidra Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious… CWE-22
Path Traversal
CVE-2026-52755 2026-06-12 04:52 2026-06-10 Show GitHub Exploit DB Packet Storm
4962 8.8 HIGH
Network
nsa ghidra Ghidra before 12.1 contains an authentication bypass vulnerability in PKIAuthenticationModule.authenticate() that allows any user with a valid CA-signed certificate to impersonate other users by pres… CWE-347
 Improper Verification of Cryptographic Signature
CVE-2026-52754 2026-06-12 04:52 2026-06-10 Show GitHub Exploit DB Packet Storm
4963 5.5 MEDIUM
Local
nsa ghidra Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names… CWE-789
 Memory Allocation with Excessive Size Value
CVE-2026-52753 2026-06-12 04:52 2026-06-10 Show GitHub Exploit DB Packet Storm
4964 5.7 MEDIUM
Adjacent
microsoft windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022
windows_server_2025
Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network. CWE-131
Incorrect Calculation of Buffer Size
CVE-2026-42915 2026-06-12 04:52 2026-06-10 Show GitHub Exploit DB Packet Storm
4965 7.8 HIGH
Local
nsa ghidra Ghidra before 12.0.2 contains a path traversal vulnerability in the extension installer that fails to validate ZIP entry names during extraction. Attackers can craft malicious extensions with travers… CWE-22
Path Traversal
CVE-2026-52752 2026-06-12 04:52 2026-06-10 Show GitHub Exploit DB Packet Storm
4966 8.8 HIGH
Network
nsa ghidra Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a maliciou… CWE-502
 Deserialization of Untrusted Data
CVE-2026-52751 2026-06-12 04:51 2026-06-10 Show GitHub Exploit DB Packet Storm
4967 5.3 MEDIUM
Network
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
Windows Kerberos Denial of Service Vulnerability CWE-125
Out-of-bounds Read
CVE-2026-42914 2026-06-12 04:51 2026-06-10 Show GitHub Exploit DB Packet Storm
4968 7.8 HIGH
Local
nsa ghidra Ghidra before 12.1 contains a command injection vulnerability in URL annotation handling on Windows where cmd.exe metacharacters are not properly escaped. Attackers can execute arbitrary commands und… CWE-88
Argument Injection
CVE-2026-52750 2026-06-12 04:51 2026-06-10 Show GitHub Exploit DB Packet Storm
4969 8.8 HIGH
Network
nsa ghidra Ghidra 11.0 before 12.1 contains a SQL injection vulnerability in the changePassword() method of PostgresFunctionDatabase that fails to escape double quotes in usernames interpolated into ALTER ROLE … CWE-89
SQL Injection
CVE-2026-49498 2026-06-12 04:50 2026-06-10 Show GitHub Exploit DB Packet Storm
4970 3.3 LOW
Local
nsa ghidra Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attacke… CWE-22
Path Traversal
CVE-2026-49497 2026-06-12 04:50 2026-06-10 Show GitHub Exploit DB Packet Storm
4971 6.1 MEDIUM
Local
nsa ghidra Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vecto… CWE-416
 Use After Free
CVE-2026-49496 2026-06-12 04:50 2026-06-10 Show GitHub Exploit DB Packet Storm
4972 5.5 MEDIUM
Local
nsa ghidra Ghidra 10.2 before 12.1 contains an uncontrolled resource consumption vulnerability in ExportTrie.parseTrie() that lacks cycle detection when traversing Mach-O binary export tries. A crafted Mach-O b… CWE-835
 Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2026-49495 2026-06-12 04:49 2026-06-10 Show GitHub Exploit DB Packet Storm
4973 7.0 HIGH
Local
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally. CWE-362
Race Condition
CVE-2026-42912 2026-06-12 04:47 2026-06-10 Show GitHub Exploit DB Packet Storm
4974 7.0 HIGH
Local
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. CWE-416
 Use After Free
CVE-2026-42911 2026-06-12 04:47 2026-06-10 Show GitHub Exploit DB Packet Storm
4975 7.8 HIGH
Local
microsoft windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2025
Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally. CWE-787
 Out-of-bounds Write
CVE-2026-42910 2026-06-12 04:46 2026-06-10 Show GitHub Exploit DB Packet Storm
4976 5.5 MEDIUM
Local
x.org
redhat
x_server
xwayland
enterprise_linux
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, le… CWE-416
 Use After Free
CVE-2026-50263 2026-06-12 04:46 2026-06-5 Show GitHub Exploit DB Packet Storm
4977 7.1 HIGH
Local
samsung assistant Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script. NVD-CWE-noinfo
CVE-2026-21033 2026-06-12 04:43 2026-06-5 Show GitHub Exploit DB Packet Storm
4978 7.1 HIGH
Local
samsung assistant Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script. NVD-CWE-noinfo
CVE-2026-21032 2026-06-12 04:42 2026-06-5 Show GitHub Exploit DB Packet Storm
4979 6.5 MEDIUM
Network
erlang erlang\/inets
erlang\/otp
ftp
Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftp_internal:handle_ctrl_… CWE-918
Server-Side Request Forgery (SSRF) 
CVE-2026-48858 2026-06-12 04:27 2026-06-11 Show GitHub Exploit DB Packet Storm
4980 6.5 MEDIUM
Network
microsoft windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2025
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally. CWE-200
Information Exposure
CVE-2026-42907 2026-06-12 04:23 2026-06-10 Show GitHub Exploit DB Packet Storm
4981 8.6 HIGH
Local
adobe dreamweaver Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the curren… NVD-CWE-noinfo
CVE-2026-47906 2026-06-12 04:22 2026-06-10 Show GitHub Exploit DB Packet Storm
4982 6.3 MEDIUM
Local
adobe dreamweaver Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to a… CWE-284
NVD-CWE-noinfo
Improper Access Control
CVE-2026-47907 2026-06-12 04:21 2026-06-10 Show GitHub Exploit DB Packet Storm
4983 7.8 HIGH
Local
adobe dreamweaver Dreamweaver Desktop versions 21.7 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploi… CWE-824
 Access of Uninitialized Pointer
CVE-2026-47908 2026-06-12 04:20 2026-06-10 Show GitHub Exploit DB Packet Storm
4984 6.3 MEDIUM
Local
adobe dreamweaver Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to… CWE-20
NVD-CWE-noinfo
 Improper Input Validation 
CVE-2026-47909 2026-06-12 04:18 2026-06-10 Show GitHub Exploit DB Packet Storm
4985 6.3 MEDIUM
Local
adobe dreamweaver Dreamweaver Desktop versions 21.7 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to a… CWE-863
 Incorrect Authorization
CVE-2026-47910 2026-06-12 04:16 2026-06-10 Show GitHub Exploit DB Packet Storm
4986 7.8 HIGH
Local
adobe acrobat
acrobat_reader
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. E… CWE-787
 Out-of-bounds Write
CVE-2026-47911 2026-06-12 04:15 2026-06-10 Show GitHub Exploit DB Packet Storm
4987 7.8 HIGH
Local
adobe acrobat
acrobat_reader
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploit… CWE-416
 Use After Free
CVE-2026-47912 2026-06-12 04:15 2026-06-10 Show GitHub Exploit DB Packet Storm
4988 7.8 HIGH
Local
adobe acrobat
acrobat_reader
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploit… CWE-416
 Use After Free
CVE-2026-47913 2026-06-12 04:08 2026-06-10 Show GitHub Exploit DB Packet Storm
4989 7.8 HIGH
Local
adobe acrobat
acrobat_reader
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploit… CWE-416
 Use After Free
CVE-2026-47914 2026-06-12 04:08 2026-06-10 Show GitHub Exploit DB Packet Storm
4990 6.1 MEDIUM
Network
microsoft sharepoint_server Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. CWE-79
Cross-site Scripting
CVE-2026-33113 2026-06-12 04:03 2026-06-10 Show GitHub Exploit DB Packet Storm
4991 5.4 MEDIUM
Network
adobe experience_manager Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the D… CWE-79
Cross-site Scripting
CVE-2026-34692 2026-06-12 04:03 2026-06-10 Show GitHub Exploit DB Packet Storm
4992 8.1 HIGH
Network
microsoft visual_studio_code Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. CWE-20
NVD-CWE-noinfo
 Improper Input Validation 
CVE-2026-40376 2026-06-12 03:56 2026-06-10 Show GitHub Exploit DB Packet Storm
4993 5.5 MEDIUM
Local
microsoft windows_server_2019
windows_server_2022
windows_server_2025
Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally. CWE-416
CWE-822
 Use After Free
 Untrusted Pointer Dereference
CVE-2026-44805 2026-06-12 03:55 2026-06-10 Show GitHub Exploit DB Packet Storm
4994 8.8 HIGH
Network
microsoft windows_server_2022
windows_server_2025
Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network. CWE-121
Stack-based Buffer Overflow
CVE-2026-45648 2026-06-12 03:54 2026-06-10 Show GitHub Exploit DB Packet Storm
4995 7.5 HIGH
Network
svelte svelte Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in <svelte:element this={tag}><… CWE-1333
 Inefficient Regular Expression Complexity
CVE-2026-42567 2026-06-12 03:54 2026-06-10 Show GitHub Exploit DB Packet Storm
4996 7.0 HIGH
Local
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. CWE-122
CWE-416
Heap-based Buffer Overflow
 Use After Free
CVE-2026-45653 2026-06-12 03:54 2026-06-10 Show GitHub Exploit DB Packet Storm
4997 7.5 HIGH
Network
svelte devalue Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to qu… CWE-770
 Allocation of Resources Without Limits or Throttling
CVE-2026-42570 2026-06-12 03:52 2026-06-10 Show GitHub Exploit DB Packet Storm
4998 7.9 HIGH
Local
microsoft windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2025
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. CWE-284
Improper Access Control
CVE-2026-45654 2026-06-12 03:51 2026-06-10 Show GitHub Exploit DB Packet Storm
4999 5.3 MEDIUM
Physics
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. CWE-693
 Protection Mechanism Failure
CVE-2026-45655 2026-06-12 03:48 2026-06-10 Show GitHub Exploit DB Packet Storm
5000 7.0 HIGH
Local
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. CWE-362
CWE-416
Race Condition
 Use After Free
CVE-2026-45601 2026-06-12 03:47 2026-06-10 Show GitHub Exploit DB Packet Storm