NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 23, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
7001	-	-	-	-	An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted syste…	CWE-427 Uncontrolled Search Path Element	CVE-2025-14575	2026-05-19 23:46	2026-05-19	Show	GitHub Exploit DB Packet Storm

7002	-	-	-	-	Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within da…	CWE-863 Incorrect Authorization	CVE-2026-42096	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

7003	-	-	-	-	Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL qu…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-42097	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

7004	-	-	-	-	Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior (e…	CWE-603 Use of Client-Side Authentication	CVE-2026-42098	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

7005	-	-	-	-	Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves…	CWE-362 Race Condition	CVE-2026-42099	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

7006	-	-	-	-	Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially crafted SQL query. This causes the Pro Clou…	CWE-228 Improper Handling of Syntactically Invalid Structure	CVE-2026-42100	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

7007	3.9	LOW Local	-	-	FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. The app…	CWE-79 Cross-site Scripting	CVE-2026-27964	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

7008	6.5	MEDIUM Network	-	-	FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC meta…	CWE-200 CWE-212 Information Exposure Improper Removal of Sensitive Information Before Storage or Transfer	CVE-2026-27892	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

7009	5.3	MEDIUM Network	-	-	Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unpriv…	CWE-200 CWE-524 CWE-672 Information Exposure Use of Cache Containing Sensitive Information Operation on a Resource after Expiration or Release	CVE-2026-32244	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

7010	-	-	-	-	Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature…	CWE-862 Missing Authorization	CVE-2026-33514	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

7011	10.0	CRITICAL Network	-	-	HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated rem…	CWE-502 Deserialization of Untrusted Data	CVE-2026-43633	2026-05-19 23:43	2026-05-19	Show	GitHub Exploit DB Packet Storm

7012	6.5	MEDIUM Network	vercel	turborepo	Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the l…	CWE-352 CWE-384 Origin Validation Error Session Fixation	CVE-2026-45773	2026-05-19 23:41	2026-05-16	Show	GitHub Exploit DB Packet Storm

7013	9.8	CRITICAL Network	vercel	turborepo	Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted reposi…	CWE-426 Untrusted Search Path	CVE-2026-45772	2026-05-19 23:41	2026-05-16	Show	GitHub Exploit DB Packet Storm

7014	7.5	HIGH Network	ws_project	ws	ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the…	CWE-908 Use of Uninitialized Resource	CVE-2026-45736	2026-05-19 23:39	2026-05-16	Show	GitHub Exploit DB Packet Storm

7015	7.5	HIGH Network	-	-	The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like…	-	CVE-2025-15609	2026-05-19 23:38	2026-05-19	Show	GitHub Exploit DB Packet Storm

7016	9.8	CRITICAL Network	-	-	The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, an…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-4885	2026-05-19 23:38	2026-05-19	Show	GitHub Exploit DB Packet Storm

7017	9.8	CRITICAL Network	-	-	The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-4883	2026-05-19 23:38	2026-05-19	Show	GitHub Exploit DB Packet Storm

7018	7.5	HIGH Network	-	-	The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'form_input' parameter in versions up to, and including, 28.1.6. This is due to insufficient escaping on the user suppl…	CWE-89 SQL Injection	CVE-2026-8912	2026-05-19 23:38	2026-05-19	Show	GitHub Exploit DB Packet Storm

7019	6.3	MEDIUM Network	tencent	weknora	A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component…	CWE-285 CWE-639 Improper Authorization Authorization Bypass Through User-Controlled Key	CVE-2026-8786	2026-05-19 23:30	2026-05-18	Show	GitHub Exploit DB Packet Storm

7020	5.3	MEDIUM Network	google	chrome	Object lifecycle issue in Dawn in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium se…	CWE-664 Improper Control of a Resource Through its Lifetime	CVE-2026-8582	2026-05-19 23:30	2026-05-15	Show	GitHub Exploit DB Packet Storm

7021	7.5	HIGH Network	vercel	ai	A vulnerability has been found in vercel ai up to 3.0.97. Impacted is the function run of the file .github/workflows/prettier-on-automerge.yml of the component PR Branch Name Interpolation. The manip…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-8767	2026-05-19 23:29	2026-05-18	Show	GitHub Exploit DB Packet Storm

7022	4.3	MEDIUM Network	google	chrome	Heap buffer overflow in GPU in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity…	CWE-122 Heap-based Buffer Overflow	CVE-2026-8552	2026-05-19 23:27	2026-05-15	Show	GitHub Exploit DB Packet Storm

7023	3.1	LOW Network	google	chrome	Type Confusion in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted H…	CWE-843 Type Confusion	CVE-2026-8554	2026-05-19 23:27	2026-05-15	Show	GitHub Exploit DB Packet Storm

7024	4.3	MEDIUM Network	google	chrome	Heap buffer overflow in SwiftShader in Google Chrome on Mac and iOS prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium securi…	CWE-122 Heap-based Buffer Overflow	CVE-2026-8560	2026-05-19 23:27	2026-05-15	Show	GitHub Exploit DB Packet Storm

7025	4.3	MEDIUM Network	google	chrome	Integer overflow in Internationalization in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium secu…	CWE-472 External Control of Assumed-Immutable Web Parameter	CVE-2026-8559	2026-05-19 23:26	2026-05-15	Show	GitHub Exploit DB Packet Storm

7026	3.1	LOW Network	google	chrome	Inappropriate implementation in ANGLE in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT…	CWE-119 CWE-284 Incorrect Access of Indexable Resource ('Range Error') Improper Access Control	CVE-2026-8556	2026-05-19 23:26	2026-05-15	Show	GitHub Exploit DB Packet Storm

7027	8.8	HIGH Network	google	chrome	Use after free in GTK in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)	CWE-416 Use After Free	CVE-2026-8555	2026-05-19 23:26	2026-05-15	Show	GitHub Exploit DB Packet Storm

7028	5.5	MEDIUM Local	-	-	NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issu…	CWE-476 NULL Pointer Dereference	CVE-2026-47307	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7029	5.5	MEDIUM Local	-	-	NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.	CWE-476 NULL Pointer Dereference	CVE-2026-47308	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7030	5.5	MEDIUM Local	-	-	Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.	CWE-674 Uncontrolled Recursion	CVE-2026-47309	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7031	7.8	HIGH Local	-	-	Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.	CWE-416 Use After Free	CVE-2026-47310	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7032	7.8	HIGH Local	-	-	Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.	CWE-122 Heap-based Buffer Overflow	CVE-2026-47311	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7033	4.3	MEDIUM Network	-	-	A flaw was found in Keycloak. An authenticated user can bypass configured WebAuthn policies during credential registration by manipulating client-side JavaScript. This occurs because the server-side …	CWE-603 Use of Client-Side Authentication	CVE-2026-8830	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7034	5.5	MEDIUM Local	-	-	Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.	CWE-763 Release of Invalid Pointer or Reference	CVE-2026-47312	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7035	5.5	MEDIUM Local	-	-	Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.	CWE-789 Memory Allocation with Excessive Size Value	CVE-2026-47313	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7036	7.8	HIGH Local	-	-	Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.	CWE-787 Out-of-bounds Write	CVE-2026-47314	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7037	5.5	MEDIUM Local	-	-	Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2…	CWE-754 Improper Check for Unusual or Exceptional Conditions	CVE-2026-47315	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7038	5.5	MEDIUM Local	-	-	Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2…	CWE-703 Improper Check or Handling of Exceptional Conditions	CVE-2026-47316	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7039	5.5	MEDIUM Local	-	-	Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.	CWE-674 Uncontrolled Recursion	CVE-2026-47317	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7040	5.4	MEDIUM Network	-	-	A flaw was found in Keycloak. When both realm-level and client-level `notBefore` revocation policies are configured, Keycloak's OpenID Connect (OIDC) Introspection feature fails to properly honor the…	CWE-303 Incorrect Implementation of Authentication Algorithm	CVE-2026-8922	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7041	8.1	HIGH Network	-	-	in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.	CWE-364 Signal Handler Race Condition	CVE-2026-24792	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7042	3.3	LOW Local	-	-	in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.	CWE-476 NULL Pointer Dereference	CVE-2026-25110	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7043	8.4	HIGH Local	-	-	in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.	CWE-787 Out-of-bounds Write	CVE-2026-25781	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7044	5.5	MEDIUM Local	-	-	in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak	CWE-281 Improper Preservation of Permissions	CVE-2026-25850	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7045	8.8	HIGH Network	-	-	in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.	CWE-787 Out-of-bounds Write	CVE-2026-27648	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7046	5.5	MEDIUM Local	-	-	in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak.	CWE-364 Signal Handler Race Condition	CVE-2026-27766	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7047	3.3	LOW Local	-	-	in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.	CWE-190 Integer Overflow or Wraparound	CVE-2026-27781	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7048	6.5	MEDIUM Local	-	-	in OpenHarmony v6.0 and prior versions allow a local attacker arbitrary code execution.	CWE-416 Use After Free	CVE-2026-28733	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7049	3.3	LOW Local	-	-	in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.	CWE-20 Improper Input Validation	CVE-2026-28751	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm

7050	3.3	LOW Local	-	-	in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS.	CWE-364 Signal Handler Race Condition	CVE-2026-33565	2026-05-19 23:25	2026-05-19	Show	GitHub Exploit DB Packet Storm