NVD Vulnerability Information Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

Update Date:July 4, 2026, 4:18 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
5051 5.5 MEDIUM
Local
apple macos A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data. CWE-22
Path Traversal
CVE-2025-24268 2026-06-12 21:38 2026-06-12 Show GitHub Exploit DB Packet Storm
5052 8.8 HIGH
Local
apple macos This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be able to break out of its sandbox. CWE-693
 Protection Mechanism Failure
CVE-2025-24284 2026-06-12 21:38 2026-06-12 Show GitHub Exploit DB Packet Storm
5053 5.5 MEDIUM
Local
apple macos The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information. CWE-693
 Protection Mechanism Failure
CVE-2025-30431 2026-06-12 21:38 2026-06-12 Show GitHub Exploit DB Packet Storm
5054 5.5 MEDIUM
Local
apple macos A privacy issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4. An app may be able to access sensitive user data. CWE-359
 Exposure of Private Personal Information to an Unauthorized Actor
CVE-2025-30459 2026-06-12 21:37 2026-06-12 Show GitHub Exploit DB Packet Storm
5055 7.8 HIGH
Local
apple macos The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges. CWE-269
 Improper Privilege Management
CVE-2025-31272 2026-06-12 21:37 2026-06-12 Show GitHub Exploit DB Packet Storm
5056 5.5 MEDIUM
Local
apple macos An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. A malicious app may be able to access sensitive user data. CWE-284
Improper Access Control
CVE-2025-43339 2026-06-12 21:37 2026-06-12 Show GitHub Exploit DB Packet Storm
5057 5.5 MEDIUM
Local
apple macos This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data. CWE-59
Link Following
CVE-2025-46293 2026-06-12 21:36 2026-06-12 Show GitHub Exploit DB Packet Storm
5058 5.3 MEDIUM
Network
apple ipados
iphone_os
macos
An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information. CWE-284
Improper Access Control
CVE-2025-46308 2026-06-12 21:36 2026-06-12 Show GitHub Exploit DB Packet Storm
5059 7.5 HIGH
Network
apple macos A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data. CWE-284
Improper Access Control
CVE-2025-46315 2026-06-12 21:35 2026-06-12 Show GitHub Exploit DB Packet Storm
5060 8.1 HIGH
Network
- - SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG … CWE-79
CWE-434
Cross-site Scripting
 Unrestricted Upload of File with Dangerous Type 
CVE-2026-46489 2026-06-12 20:16 2026-06-12 Show GitHub Exploit DB Packet Storm
5061 9.8 CRITICAL
Network
- - Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Ap… CWE-917
 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
CVE-2026-11561 2026-06-12 19:16 2026-06-11 Show GitHub Exploit DB Packet Storm
5062 - -
- - QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version: CWE-472
 External Control of Assumed-Immutable Web Parameter
CVE-2025-59382 2026-06-12 11:16 2026-06-10 Show GitHub Exploit DB Packet Storm
5063 7.5 HIGH
Network
nlnetlabs routinator When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes. CWE-755
 Improper Handling of Exceptional Conditions
CVE-2026-49235 2026-06-12 10:37 2026-06-9 Show GitHub Exploit DB Packet Storm
5064 7.5 HIGH
Network
nlnetlabs routinator Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name … CWE-22
Path Traversal
CVE-2026-49233 2026-06-12 10:33 2026-06-9 Show GitHub Exploit DB Packet Storm
5065 7.5 HIGH
Network
nlnetlabs routinator When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted n… CWE-20
NVD-CWE-noinfo
 Improper Input Validation 
CVE-2026-49234 2026-06-12 10:28 2026-06-9 Show GitHub Exploit DB Packet Storm
5066 6.5 MEDIUM
Network
nsa ghidra Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operation… CWE-22
Path Traversal
CVE-2026-52756 2026-06-12 10:18 2026-06-10 Show GitHub Exploit DB Packet Storm
5067 4.4 MEDIUM
Local
nsa ghidra Ghidra before 12.1 contains a heap-use-after-free vulnerability in the decompiler's HighVariable::merge() function during the variable merging pass. Attackers can trigger this vulnerability by crafti… CWE-416
 Use After Free
CVE-2026-52757 2026-06-12 10:10 2026-06-10 Show GitHub Exploit DB Packet Storm
5068 4.3 MEDIUM
Network
jenkins jenkins Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attacke… CWE-601
Open Redirect
CVE-2026-53440 2026-06-12 10:03 2026-06-10 Show GitHub Exploit DB Packet Storm
5069 5.3 MEDIUM
Network
jenkins jenkins Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenki… CWE-311
Missing Encryption of Sensitive Data
CVE-2026-53442 2026-06-12 09:59 2026-06-10 Show GitHub Exploit DB Packet Storm
5070 7.2 HIGH
Network
apache answer Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after… CWE-1259
 Improper Restriction of Security Token Assignment
CVE-2026-25700 2026-06-12 09:50 2026-06-11 Show GitHub Exploit DB Packet Storm
5071 8.3 HIGH
Network
plane plane Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in … CWE-639
CWE-862
 Authorization Bypass Through User-Controlled Key
 Missing Authorization
CVE-2026-46558 2026-06-12 09:49 2026-06-11 Show GitHub Exploit DB Packet Storm
5072 5.3 MEDIUM
Network
openfga helm_charts
openfga
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to O… CWE-345
CWE-668
 Insufficient Verification of Data Authenticity
 Exposure of Resource to Wrong Sphere
CVE-2026-48096 2026-06-12 09:46 2026-06-11 Show GitHub Exploit DB Packet Storm
5073 - -
- - Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis determined that the addressed defect is not reachable in any released version of Zephyr: on every sup… - CVE-2026-10676 2026-06-12 09:16 2026-06-12 Show GitHub Exploit DB Packet Storm
5074 9.8 CRITICAL
Network
fortinet fortisandbox
fortisandbox_cloud
fortisandbox_paas
A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox… CWE-78
OS Command 
CVE-2026-25089 2026-06-12 06:39 2026-06-10 Show GitHub Exploit DB Packet Storm
5075 6.5 MEDIUM
Network
fortinet fortiportal A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via <i… CWE-284
Improper Access Control
CVE-2026-49938 2026-06-12 06:32 2026-06-10 Show GitHub Exploit DB Packet Storm
5076 6.7 MEDIUM
Local
fortinet fortios
fortiproxy
An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.… CWE-1244
 Internal Asset Exposed to Unsafe Debug Access Level or State
CVE-2025-67862 2026-06-12 06:31 2026-06-10 Show GitHub Exploit DB Packet Storm
5077 - -
- - In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes. The build workflow runs on pull requests, while the deploy workflow runs with pac… CWE-829
 Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-47174 2026-06-12 06:16 2026-06-12 Show GitHub Exploit DB Packet Storm
5078 8.8 HIGH
Network
- - mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOL… CWE-863
 Incorrect Authorization
CVE-2026-46519 2026-06-12 06:01 2026-06-12 Show GitHub Exploit DB Packet Storm
5079 6.1 MEDIUM
Network
- - mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.7.0, the kubectl_generic tool in mcp-server-kubernetes passes user-supplied flags direct… CWE-88
Argument Injection
CVE-2026-47250 2026-06-12 06:01 2026-06-12 Show GitHub Exploit DB Packet Storm
5080 - -
- - Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash commands can use /automod add, /automod remove… CWE-862
 Missing Authorization
CVE-2026-47163 2026-06-12 05:58 2026-06-12 Show GitHub Exploit DB Packet Storm
5081 - -
- - Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a user with Manage Server / ManageGuild, but without Manage Roles or Administrator, … CWE-266
 Incorrect Privilege Assignment
CVE-2026-47169 2026-06-12 05:58 2026-06-12 Show GitHub Exploit DB Packet Storm
5082 7.7 HIGH
Network
- - Garlic-Hub manages digital signage network — devices, content, and playlists — from a single self-hosted interface. Prior to version 1.1, authenticated users can cause the server to issue arbitrary H… CWE-918
Server-Side Request Forgery (SSRF) 
CVE-2026-47170 2026-06-12 05:58 2026-06-12 Show GitHub Exploit DB Packet Storm
5083 - -
- - Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, a normal user can create a reminder whose message contains @everyone or @here. When … CWE-116
 Improper Encoding or Escaping of Output
CVE-2026-47171 2026-06-12 05:58 2026-06-12 Show GitHub Exploit DB Packet Storm
5084 - -
- - Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.3, the repository has a privileged deploy workflow that runs after the unprivileged bui… CWE-829
 Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-47172 2026-06-12 05:58 2026-06-12 Show GitHub Exploit DB Packet Storm
5085 - -
- - Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can enable logging and choose a logging channe… CWE-200
Information Exposure
CVE-2026-47176 2026-06-12 05:58 2026-06-12 Show GitHub Exploit DB Packet Storm
5086 - -
- - Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a cha… CWE-200
Information Exposure
CVE-2026-47177 2026-06-12 05:58 2026-06-12 Show GitHub Exploit DB Packet Storm
5087 - -
- - Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.5, the AutoMod remove flow looks up and deletes rules by global database ID without ver… CWE-639
 Authorization Bypass Through User-Controlled Key
CVE-2026-47189 2026-06-12 05:58 2026-06-12 Show GitHub Exploit DB Packet Storm
5088 - -
- - Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulat… CWE-269
 Improper Privilege Management
CVE-2026-45176 2026-06-12 05:56 2026-06-12 Show GitHub Exploit DB Packet Storm
5089 - -
- - Idira Secrets Manager SaaS Edge versions prior to 1.8 exhibit improper access control within its internal authentication components. A remote, unauthenticated attacker could exploit this by submittin… CWE-284
Improper Access Control
CVE-2026-45177 2026-06-12 05:56 2026-06-12 Show GitHub Exploit DB Packet Storm
5090 - -
- - Idira Secrets Manager Self-Hosted versions 13.8.0 and lower exhibit improper access control within internal cluster endpoints. A remote, authenticated attacker possessing standard node-level credenti… CWE-284
Improper Access Control
CVE-2026-45178 2026-06-12 05:56 2026-06-12 Show GitHub Exploit DB Packet Storm
5091 7.6 HIGH
Network
- - An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding sizeof(uint32_t) to a crafted SASL packet length prefix of 0xFFFFFFFC… CWE-190
 Integer Overflow or Wraparound
CVE-2026-11774 2026-06-12 05:56 2026-06-12 Show GitHub Exploit DB Packet Storm
5092 6.5 MEDIUM
Network
- - An out-of-bounds write vulnerability was found in GStreamer's H.266/VVC PPS picture partition parser in gst-plugins-bad. In the multi-slice-in-tile processing of gst_h266_parser_parse_picture_partiti… CWE-787
 Out-of-bounds Write
CVE-2026-53701 2026-06-12 05:56 2026-06-12 Show GitHub Exploit DB Packet Storm
5093 6.5 MEDIUM
Network
- - A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library (gst-plugins-bad). When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from… CWE-787
 Out-of-bounds Write
CVE-2026-53702 2026-06-12 05:56 2026-06-12 Show GitHub Exploit DB Packet Storm
5094 - -
- - Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within internal agent validation processes. A local attacker could potentially bypass built-in security c… CWE-295
Improper Certificate Validation 
CVE-2026-45175 2026-06-12 05:56 2026-06-12 Show GitHub Exploit DB Packet Storm
5095 - -
- - FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PD… CWE-400
CWE-770
 Uncontrolled Resource Consumption
 Allocation of Resources Without Limits or Throttling
CVE-2026-45802 2026-06-12 05:51 2026-06-12 Show GitHub Exploit DB Packet Storm
5096 5.3 MEDIUM
Network
- - CodexBar before 0.33.0 contains a credential forwarding vulnerability that allows network-adjacent attackers to intercept sensitive credentials by issuing cross-origin or HTTP-downgrade redirects to … CWE-522
 Insufficiently Protected Credentials
CVE-2026-49949 2026-06-12 05:50 2026-06-12 Show GitHub Exploit DB Packet Storm
5097 4.3 MEDIUM
Network
- - Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missi… CWE-770
 Allocation of Resources Without Limits or Throttling
CVE-2026-53781 2026-06-12 05:50 2026-06-12 Show GitHub Exploit DB Packet Storm
5098 7.4 HIGH
Network
- - Summarize before 0.17.0 contains a server-side request forgery vulnerability that allows attackers who control a podcast RSS feed to direct the host to fetch transcript content from loopback addresse… CWE-918
Server-Side Request Forgery (SSRF) 
CVE-2026-53782 2026-06-12 05:50 2026-06-12 Show GitHub Exploit DB Packet Storm
5099 9.1 CRITICAL
Network
- - Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by n… CWE-93
CRLF Injection
CVE-2026-50638 2026-06-12 05:16 2026-06-11 Show GitHub Exploit DB Packet Storm
5100 8.2 HIGH
Network
- - Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions) allow mutiple metrics,separated by newlines, to be sent p… CWE-93
CRLF Injection
CVE-2026-50637 2026-06-12 05:16 2026-06-11 Show GitHub Exploit DB Packet Storm