NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 29, 2026, 4:19 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
7451	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: eventfs: Hold eventfs_mutex and SRCU when remount walks events Commit 340f0c7067a9 ("eventfs: Update all the eventfs_inodes from …	-	CVE-2026-46106	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7452	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Fix null ptr deref in papr_hvpipe_dev_create_handle() commit 6d3789d347a7 ("papr-hvpipe: convert papr_hvpipe…	-	CVE-2026-46118	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7453	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock Patch series "mm/damon/sysfs-schemes: fix use-after-free…	-	CVE-2026-46121	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7454	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: dm-verity-fec: fix reading parity bytes split across blocks (take 3) fec_decode_bufs() assumes that the parity bytes of the first…	-	CVE-2026-46130	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7455	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Fix error unwind in mana_ib_create_qp_rss() Sashiko points out that mana_ib_cfg_vport_steering() is leaked, the normal…	-	CVE-2026-46144	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7456	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlan_dev_set_egress_priority() currently keeps cleared egress priority mappings in the …	-	CVE-2026-46153	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7457	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in ice_sf_eth_activate() error path When auxiliary_device_add() fails, ice_sf_eth_activate() jumps to aux_de…	-	CVE-2026-46162	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7458	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: smb: client: use kzalloc to zero-initialize security descriptor buffer Commit 62e7dd0a39c2d ("smb: common: change the data type o…	-	CVE-2026-46139	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7459	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: fix kmemleak caused by incorrect chip_data lookup The kmemleak reports the following memory leak: Unreferenced obj…	-	CVE-2026-46141	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7460	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu() Two bugs exist in the vCPU initialisation path: 1. If a …	-	CVE-2026-46147	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7461	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: control built-in cs manually The coreQSPI IP supports only a single chip select, which is automagically…	-	CVE-2026-46148	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7462	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: fix vector context allocation leak When the second kzalloc (host_context.vector.datap) fails in kvm_riscv_vcpu_alloc_…	-	CVE-2026-46171	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7463	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task Watchdog task might end between send_sig() and kth…	-	CVE-2026-46180	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7464	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak btrfs_ioctl_space_info() has a TOCTOU race betw…	-	CVE-2026-46159	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7465	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix missing last_unlink_trans update when removing a directory When removing a directory we are not updating its last_unli…	-	CVE-2026-46160	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7466	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace The hdr variable is allocated on the stack and only hdr.versio…	-	CVE-2026-46182	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7467	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: octeon_ep_vf: add NULL check for napi_build_skb() napi_build_skb() can return NULL on allocation failure. In __octep_vf_oq_proces…	-	CVE-2026-46188	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7468	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in…	-	CVE-2026-46191	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7469	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations The core will deal with reads …	-	CVE-2026-46192	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7470	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplus_strcasecmp(). T…	-	CVE-2026-46169	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7471	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect path kfree() with damon_sysfs_lock damon_sysfs_quot_goal->path can be read and written by users, …	-	CVE-2026-46183	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7472	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled…	-	CVE-2026-46193	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7473	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: f2fs: fix node_cnt race between extent node destroy and writeback f2fs_destroy_extent_node() does not set FI_NO_EXTENT before cle…	-	CVE-2026-46194	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7474	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix controller deregistration Make sure to deregister the controller before disabling and releasing underlying reso…	-	CVE-2026-46200	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7475	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: fix unclocked access on unbind Make sure that the controller is runtime resumed before disabling it during …	-	CVE-2026-46203	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7476	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc() in init_one_mc() is assigned to dev->init_nam…	-	CVE-2026-46221	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7477	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: spi: rspi: fix controller deregistration Make sure to deregister the controller before releasing underlying resources like DMA du…	-	CVE-2026-46225	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7478	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() When a tracepoint goes through the 0 -> 1 transition…	-	CVE-2026-46196	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7479	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: run inactivity autodim from workqueues The autodim code in hid-appletb-kbd takes backlight_device->ops_lock via…	-	CVE-2026-46202	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7480	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtio_transport_build_skb() goes through …	-	CVE-2026-46207	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7481	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msm_ioctl_gem_info_get_metadata() msm_ioctl_gem_info_get_metadata() always returns 0 regardles…	-	CVE-2026-46211	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7482	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: spi: fsl: fix controller deregistration Make sure to deregister the controller before releasing underlying resources like DMA dur…	-	CVE-2026-46226	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7483	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime ti…	-	CVE-2026-46228	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7484	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEA…	-	CVE-2026-46229	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7485	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl Three control cases (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) directly …	-	CVE-2026-46239	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7486	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix UAF in inactivity-timer cleanup path Commit 38224c472a03 ("HID: appletb-kbd: fix slab use-after-free bug in…	-	CVE-2026-46213	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7487	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads The pads missed checks for connected devices which may a null deref…	-	CVE-2026-46222	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7488	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure When drm_gpuvm_resv_object_alloc() fails, the pre-allocated st…	-	CVE-2026-46224	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7489	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on registration failure Make sure to disable and free the interrupts in case controller registra…	-	CVE-2026-46241	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7490	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: cgroup: Defer css percpu_ref kill on rmdir until cgroup is depopulated A chain of commits going back to v7.0 reworked rmdir to sa…	-	CVE-2026-46223	2026-05-28 22:44	2026-05-28	Show	GitHub Exploit DB Packet Storm

7491	6.1	MEDIUM Network	mistune_project	mistune	Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the render_figure() function concatenates figclass and figwidth options direc…	CWE-79 Cross-site Scripting	CVE-2026-44896	2026-05-28 22:43	2026-05-27	Show	GitHub Exploit DB Packet Storm

7492	6.1	MEDIUM Network	mistune_project	mistune	Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading() builds the opening <hN> tag by string-concatenating the id attribute value directly into the HTM…	CWE-79 Cross-site Scripting	CVE-2026-44897	2026-05-28 22:42	2026-05-27	Show	GitHub Exploit DB Packet Storm

7493	6.1	MEDIUM Network	mistune_project	mistune	Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul() builds a <ul> table-of-contents tree from a list of (level, id, text) tuples. Both the id value (used a…	CWE-79 Cross-site Scripting	CVE-2026-44898	2026-05-28 22:42	2026-05-27	Show	GitHub Exploit DB Packet Storm

7494	5.4	MEDIUM Network	apache	shiro	Apache Shiro’s Jakarta EE module used the HTTP Referer header in certain cases to issue redirect after a user login. In affected versions, insufficient validation of this client-controlled value coul…	CWE-601 Open Redirect	CVE-2026-48589	2026-05-28 22:38	2026-05-26	Show	GitHub Exploit DB Packet Storm

7495	6.1	MEDIUM Network	mistune_project	mistune	Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, the Image directive plugin validates the :width: and :height: options with a regex compiled as _num_re = re.compile(r"^…	CWE-79 Cross-site Scripting	CVE-2026-44899	2026-05-28 22:38	2026-05-27	Show	GitHub Exploit DB Packet Storm

7496	8.8	HIGH Network	tanium	connect	Tanium addressed an unauthorized code execution vulnerability in Connect.	CWE-78 OS Command	CVE-2026-9207	2026-05-28 22:31	2026-05-27	Show	GitHub Exploit DB Packet Storm

7497	10.0	CRITICAL Network	free5gc	free5gc	free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2/bearer-token authorization. A network a…	CWE-863 Incorrect Authorization	CVE-2026-44330	2026-05-28 22:06	2026-05-28	Show	GitHub Exploit DB Packet Storm

7498	9.9	CRITICAL Network	-	-	A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation whe…	CWE-59 Link Following	CVE-2026-7374	2026-05-28 12:16	2026-05-26	Show	GitHub Exploit DB Packet Storm

7499	7.2	HIGH Network	apache	syncope	Improper Isolation or Compartmentalization vulnerability in Apache Syncope. An administrator with adequate entitlements for Implementations can create a malicious Groovy class containing untrusted c…	CWE-653 Improper Isolation or Compartmentalization	CVE-2026-42782	2026-05-28 06:16	2026-05-26	Show	GitHub Exploit DB Packet Storm

7500	2.4	LOW Physics	-	-	AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an ove…	CWE-288 Authentication Bypass Using an Alternate Path or Channel	CVE-2025-68711	2026-05-28 06:16	2026-05-27	Show	GitHub Exploit DB Packet Storm