NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 14, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1001	5.5	MEDIUM Local	cilium	ebpf	A vulnerability has been found in cilium ebpf up to 0.21.0. This affects the function loadRawSpec of the file btf/btf.go of the component LoadCollectionSpec/LoadCollectionSpecFromReader. Such manipul…	CWE-189 CWE-190 Numeric Errors Integer Overflow or Wraparound	CVE-2026-10722	2026-06-11 03:28	2026-06-3	Show	GitHub Exploit DB Packet Storm

1002	7.8	HIGH Local	synology	active_backup_for_business_recovery_media_creator	An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users t…	CWE-829 Inclusion of Functionality from Untrusted Control Sphere	CVE-2022-49036	2026-06-11 03:20	2026-06-3	Show	GitHub Exploit DB Packet Storm

1003	5.3	MEDIUM Local	lmsys	sglang	A vulnerability was determined in sgl-project SGLang up to 0.5.11. Affected by this vulnerability is the function data_hash of the component Cache Handler. This manipulation causes denial of service.…	CWE-404 Improper Resource Shutdown or Release	CVE-2026-10775	2026-06-11 03:19	2026-06-4	Show	GitHub Exploit DB Packet Storm

1004	-	-	-	-	An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to e…	CWE-78 OS Command	CVE-2026-9151	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1005	2.7	LOW Network	-	-	A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This…	CWE-1220 Insufficient Granularity of Access Control	CVE-2026-9088	2026-06-11 03:17	2026-06-5	Show	GitHub Exploit DB Packet Storm

1006	8.5	HIGH Network	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Fission added PodSpec safety val…	CWE-269 CWE-732 Improper Privilege Management Incorrect Permission Assignment for Critical Resource	CVE-2026-50570	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1007	4.3	MEDIUM Network	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, HTTPTriggerSpec.Validate() valid…	CWE-20 Improper Input Validation	CVE-2026-50569	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1008	3.6	LOW Local	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, SanitizeFilePath in pkg/utils/ut…	CWE-41 Improper Resolution of Path Equivalence	CVE-2026-50568	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1009	7.7	HIGH Network	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.25.0, Unarchive in pkg/utils/zip.go jo…	CWE-22 Path Traversal	CVE-2026-50567	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1010	4.9	MEDIUM Network	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission builder pods were create…	CWE-250 CWE-269 CWE-538 Execution with Unnecessary Privileges Improper Privilege Management File and Directory Information Exposure	CVE-2026-50565	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1011	9.9	CRITICAL Network	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD expose…	CWE-269 CWE-284 CWE-693 Improper Privilege Management Improper Access Control Protection Mechanism Failure	CVE-2026-50564	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1012	9.9	CRITICAL Network	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Container Executor pat…	CWE-269 CWE-284 Improper Privilege Management Improper Access Control	CVE-2026-50563	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1013	9.9	CRITICAL Network	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Environment.spec.runtime.pod…	CWE-269 CWE-284 CWE-693 Improper Privilege Management Improper Access Control Protection Mechanism Failure	CVE-2026-50545	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1014	8.5	HIGH Network	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, the Fission Function admission w…	CWE-284 CWE-863 Improper Access Control Incorrect Authorization	CVE-2026-49824	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1015	7.7	HIGH Network	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries …	CWE-284 CWE-863 Improper Access Control Incorrect Authorization	CVE-2026-49823	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1016	7.7	HIGH Network	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a low-privilege developer who co…	CWE-284 CWE-862 Improper Access Control Missing Authorization	CVE-2026-49822	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1017	7.7	HIGH Network	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's buildermgr controller …	CWE-441 CWE-862 Confused Deputy Missing Authorization	CVE-2026-49821	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1018	-	-	-	-	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.	-	CVE-2026-48556	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1019	-	-	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, before the round-1 security swee…	CWE-78 CWE-250 CWE-269 OS Command Execution with Unnecessary Privileges Improper Privilege Management	CVE-2026-46618	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1020	-	-	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, Fission runtime pods were create…	CWE-250 CWE-269 CWE-538 Execution with Unnecessary Privileges Improper Privilege Management File and Directory Information Exposure	CVE-2026-46617	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1021	9.8	CRITICAL Network	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission router registers an …	CWE-284 CWE-862 Improper Access Control Missing Authorization	CVE-2026-46614	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1022	8.8	HIGH Network	-	-	Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.23.0, the Fission storagesvc component…	CWE-306 Missing Authentication for Critical Function	CVE-2026-46612	2026-06-11 03:17	2026-06-11	Show	GitHub Exploit DB Packet Storm

1023	7.5	HIGH Network	-	-	Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the qossetting function. This vulnerability allows attackers to cause a Den…	CWE-120 Classic Buffer Overflow	CVE-2026-36803	2026-06-11 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1024	7.5	HIGH Network	-	-	Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the SafeMacFilter function. This vulnerability allows attackers to cause a …	CWE-120 Classic Buffer Overflow	CVE-2026-36802	2026-06-11 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1025	7.5	HIGH Network	-	-	Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindRule parameter of the formIPMacBindAdd function. This vulnerability allows attackers…	CWE-120 Classic Buffer Overflow	CVE-2026-36801	2026-06-11 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1026	7.5	HIGH Network	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the R7WebsSecurityHandler function via the username and password param…	CWE-121 Stack-based Buffer Overflow	CVE-2026-36794	2026-06-11 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1027	7.5	HIGH Network	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the formwrlSSIDset function via the mit_ssid and mis_ssid_index parame…	CWE-121 Stack-based Buffer Overflow	CVE-2026-36793	2026-06-11 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1028	7.5	HIGH Network	-	-	Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the save_list_data parameter of the formSetCfm function. This vulnerability allows attackers to ca…	CWE-121 Stack-based Buffer Overflow	CVE-2026-36791	2026-06-11 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1029	4.9	MEDIUM Network	-	-	Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the username parameter of the R7WebsSecurityHandler function. This vulnerabili…	CWE-121 Stack-based Buffer Overflow	CVE-2026-36778	2026-06-11 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1030	6.5	MEDIUM Adjacent	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the param_1 parameter of the formSetCfm function. This vulnerability allows at…	CWE-121 Stack-based Buffer Overflow	CVE-2026-36777	2026-06-11 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1031	6.5	MEDIUM Adjacent	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows atta…	CWE-121 Stack-based Buffer Overflow	CVE-2026-36773	2026-06-11 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1032	6.5	MEDIUM Adjacent	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDget function. This vulnerability allo…	CWE-121 Stack-based Buffer Overflow	CVE-2026-36772	2026-06-11 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1033	5.3	MEDIUM Network	-	-	An arbitrary file deletion vulnerability in the /api/delete-temp-license/{file} endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal …	CWE-22 Path Traversal	CVE-2026-36726	2026-06-11 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1034	8.8	HIGH Network	-	-	An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temp…	CWE-22 Path Traversal	CVE-2026-36723	2026-06-11 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1035	5.4	MEDIUM Network	-	-	An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file.	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-36722	2026-06-11 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1036	4.7	MEDIUM Network	-	-	In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a to…	CWE-1284 Improper Validation of Specified Quantity in Input	CVE-2026-11596	2026-06-11 03:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

1037	2.5	LOW Local	gradio_project	gradio	A security flaw has been discovered in gradio-app gradio 6.14.0. This affects the function save_audio_to_cache of the component Audio Cache Key Handler. Performing a manipulation results in use of we…	CWE-327 CWE-328 Use of a Broken or Risky Cryptographic Algorithm Use of Weak Hash	CVE-2026-10783	2026-06-11 03:06	2026-06-4	Show	GitHub Exploit DB Packet Storm

1038	7.0	HIGH Local	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.	CWE-426 Untrusted Search Path	CVE-2026-47648	2026-06-11 02:54	2026-06-10	Show	GitHub Exploit DB Packet Storm

1039	8.2	HIGH Local	microsoft	windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2022 windows_server_2025	Out-of-bounds read in Windows Hyper-V allows an unauthorized attacker to execute code locally.	CWE-122 Heap-based Buffer Overflow	CVE-2026-47652	2026-06-11 02:53	2026-06-10	Show	GitHub Exploit DB Packet Storm

1040	7.9	HIGH Local	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.	CWE-693 Protection Mechanism Failure	CVE-2026-47656	2026-06-11 02:52	2026-06-10	Show	GitHub Exploit DB Packet Storm

1041	4.7	MEDIUM Local	snowflake	streamlit	A vulnerability has been found in Streamlit up to 1.53.0. Impacted is an unknown function in the library lib/streamlit/runtime/caching/hashing.py of the component Palette Handler. Such manipulation l…	CWE-327 CWE-328 Use of a Broken or Risky Cryptographic Algorithm Use of Weak Hash	CVE-2026-10804	2026-06-11 02:47	2026-06-4	Show	GitHub Exploit DB Packet Storm

1042	7.5	HIGH Network	microsoft	windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2019 windows_server_2022 windows_server_2025	Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.	CWE-416 CWE-787 Use After Free Out-of-bounds Write	CVE-2026-48563	2026-06-11 02:32	2026-06-10	Show	GitHub Exploit DB Packet Storm

1043	7.0	HIGH Local	milvus	milvus	A vulnerability has been found in milvus-io milvus up to 2.6.13. This vulnerability affects unknown code of the file internal/metastore/kv/rootcoord/kv_catalog.go of the component Grantee ID Hash Han…	CWE-327 CWE-328 Use of a Broken or Risky Cryptographic Algorithm Use of Weak Hash	CVE-2026-10814	2026-06-11 02:32	2026-06-5	Show	GitHub Exploit DB Packet Storm

1044	4.3	MEDIUM Network	google	chrome	Inappropriate implementation in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafte…	CWE-451 User Interface (UI) Misrepresentation of Critical Information	CVE-2026-11228	2026-06-11 02:25	2026-06-5	Show	GitHub Exploit DB Packet Storm

1045	6.5	MEDIUM Network	google	chrome	Type Confusion in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted XML file. (Chromium security seve…	CWE-843 Type Confusion	CVE-2026-11196	2026-06-11 02:25	2026-06-5	Show	GitHub Exploit DB Packet Storm

1046	5.5	MEDIUM Local	microsoft	windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2025	Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.	CWE-125 Out-of-bounds Read	CVE-2026-48566	2026-06-11 02:19	2026-06-10	Show	GitHub Exploit DB Packet Storm

1047	7.9	HIGH Local	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.	CWE-693 Protection Mechanism Failure	CVE-2026-48568	2026-06-11 02:18	2026-06-10	Show	GitHub Exploit DB Packet Storm

1048	7.9	HIGH Local	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.	CWE-693 Protection Mechanism Failure	CVE-2026-48570	2026-06-11 02:17	2026-06-10	Show	GitHub Exploit DB Packet Storm

1049	8.3	HIGH Network	-	-	Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, there is an authentication bypass vulnerability via 'api' substring in URL + unau…	CWE-287 CWE-306 CWE-697 Improper Authentication Missing Authentication for Critical Function Incorrect Comparison	CVE-2026-45567	2026-06-11 02:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

1050	6.1	MEDIUM Network	-	-	Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or …	CWE-601 Open Redirect	CVE-2026-45566	2026-06-11 02:16	2026-06-11	Show	GitHub Exploit DB Packet Storm