NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 17, 2026, 4:19 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1451	7.5	HIGH Network	-	-	kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by…	CWE-789 Memory Allocation with Excessive Size Value	CVE-2026-10142	2026-06-12 00:22	2026-06-11	Show	GitHub Exploit DB Packet Storm

1452	7.5	HIGH Network	-	-	kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in SCRAM authentication handling that allows a malicious or machine-in-the-middle broker to freeze the client event loop by supp…	CWE-400 Uncontrolled Resource Consumption	CVE-2026-10143	2026-06-12 00:22	2026-06-11	Show	GitHub Exploit DB Packet Storm

1453	-	-	-	-	A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue i…	CWE-79 Cross-site Scripting	CVE-2026-0266	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1454	-	-	-	-	An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the Glo…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-0267	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1455	-	-	-	-	A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Window…	CWE-424 Improper Protection of Alternate Path	CVE-2026-0268	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1456	-	-	-	-	A memory corruption vulnerability in the processing of tunnel traffic in Palo Alto Networks PAN-OS® software allows an authenticated user to initiate system reboots using a maliciously crafted packet…	CWE-754 Improper Check for Unusual or Exceptional Conditions	CVE-2026-0269	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1457	-	-	-	-	A path traversal vulnerability in Palo Alto Networks Cortex XSOAR engine software running on Linux allows an unauthenticated attacker on an adjacent network, with the ability to intercept and manipu…	CWE-22 Path Traversal	CVE-2026-0270	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1458	-	-	-	-	A privilege escalation (PE) vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges. This does not impact Pri…	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2026-0271	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1459	-	-	-	-	An improper validation of credentials vulnerability in the CommvaultSecurityIQ integration for Cortex XSOAR and Cortex XSIAM allows an unauthenticated attacker to access and modify protected resource…	CWE-1390 Weak Authentication	CVE-2026-0274	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1460	-	-	-	-	A privilege escalation vulnerability in Palo Alto Networks PAN-OS® software allows an authenticated administrator with access to the Command Line Interface (CLI) to perform actions on the device with…	CWE-862 Missing Authorization	CVE-2026-0272	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1461	-	-	-	-	A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to …	CWE-78 OS Command	CVE-2026-0273	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1462	-	-	-	-	An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kern…	CWE-122 CWE-131 CWE-787 Heap-based Buffer Overflow Incorrect Calculation of Buffer Size Out-of-bounds Write	CVE-2026-11604	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1463	6.4	MEDIUM Network	-	-	Applications that configure the WebFlowELExpressionParser are vulnerable to the use of malicious Unified EL expressions. Affected versions: Spring Web Flow 4.0.0; 3.0.0 through 3.0.1; 2.5.0 through …	CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')	CVE-2026-40985	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1464	4.8	MEDIUM Network	-	-	Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in a scripting attack in the user's browser if t…	CWE-79 Cross-site Scripting	CVE-2026-40986	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1465	7.1	HIGH Network	-	-	A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured local-directory) with attacker-controlled content. Affected version…	CWE-22 Path Traversal	CVE-2026-40987	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1466	5.0	MEDIUM Adjacent	-	-	Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=tru…	CWE-295 Improper Certificate Validation	CVE-2026-40992	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1467	8.2	HIGH Network	-	-	Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security…	CWE-1188 Insecure Default Initialization of Resource	CVE-2026-40994	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1468	5.4	MEDIUM Network	-	-	X509AuthenticationProvider could issue a fully authenticated X509AuthenticationToken when a presented certificate mapped to UserDetails, without applying Spring Security's standard account lifecycle …	CWE-287 Improper Authentication	CVE-2026-40995	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1469	4.8	MEDIUM Network	-	-	Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept R…	CWE-327 Use of a Broken or Risky Cryptographic Algorithm	CVE-2026-40996	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1470	5.3	MEDIUM Network	-	-	Several Spring WS integration paths with Spring Security could surface detailed account state (for example locked or disabled user semantics) to remote SOAP clients through exception messages or call…	CWE-209 Information Exposure Through an Error Message	CVE-2026-40997	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1471	8.2	HIGH Network	-	-	Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled XML with the JDK's default DocumentBuilderFactory behavior inst…	CWE-611 XXE	CVE-2026-40998	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1472	8.6	HIGH Network	-	-	When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken dire…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-40999	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1473	3.7	LOW Network	-	-	Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and …	CWE-294 Authentication Bypass by Capture-replay	CVE-2026-41000	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1474	5.3	MEDIUM Local	-	-	Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same …	CWE-377 Insecure Temporary File	CVE-2026-41001	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1475	7.8	HIGH Local	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.	CWE-190 CWE-416 Integer Overflow or Wraparound Use After Free	CVE-2026-45592	2026-06-12 00:21	2026-06-10	Show	GitHub Exploit DB Packet Storm

1476	8.8	HIGH Network	-	-	Dulwich is a pure-Python implementation of the Git file formats and protocols. Versions starting with 0.10.0 and prior to 1.2.5 have an arbitrary file write leading to remote code execution when clon…	CWE-22 Path Traversal	CVE-2026-42305	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1477	-	-	-	-	Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, Dulwich's `ProcessMergeDriver` substitutes the file path (from th…	CWE-78 OS Command	CVE-2026-42563	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1478	10.0	CRITICAL Network	-	-	Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not res…	CWE-284 Improper Access Control	CVE-2026-46695	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1479	9.6	CRITICAL Network	-	-	Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite allows users…	CWE-22 Path Traversal	CVE-2026-46703	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1480	6.5	MEDIUM Network	-	-	Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run untrusted code. In versions 0.8.2 and prior, Boxlite allows …	CWE-404 Improper Resource Shutdown or Release	CVE-2026-47213	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1481	3.3	LOW Local	-	-	Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.format_patch(outdir=...) derives each patch fil…	CWE-22 Path Traversal	CVE-2026-47712	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1482	5.7	MEDIUM Network	-	-	Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.1.0 and prior to version 1.2.5, a client with push access could push a tiny crafted thin pack (~17…	CWE-400 CWE-789 Uncontrolled Resource Consumption Memory Allocation with Excessive Size Value	CVE-2026-47734	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1483	7.5	HIGH Network	-	-	Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.23.2 and prior to version 1.2.5, `dulwich.porcelain.submodule_update`, and by extension `porcelain…	CWE-22 Path Traversal	CVE-2026-52726	2026-06-12 00:21	2026-06-11	Show	GitHub Exploit DB Packet Storm

1484	7.8	HIGH Local	microsoft	windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2019 windows_server_2022 windows_server_2025	Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.	CWE-190 CWE-416 Integer Overflow or Wraparound Use After Free	CVE-2026-45593	2026-06-12 00:14	2026-06-10	Show	GitHub Exploit DB Packet Storm

1485	5.5	MEDIUM Local	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2016 windows_server_2019 w…	Exposure of sensitive information to an unauthorized actor in Windows Application Identity (AppID) Subsystem allows an authorized attacker to disclose information locally.	CWE-200 Information Exposure	CVE-2026-45594	2026-06-12 00:13	2026-06-10	Show	GitHub Exploit DB Packet Storm

1486	5.4	MEDIUM Network	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.	CWE-693 Protection Mechanism Failure	CVE-2026-45595	2026-06-12 00:10	2026-06-10	Show	GitHub Exploit DB Packet Storm

1487	7.0	HIGH Local	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.	CWE-362 CWE-416 Race Condition Use After Free	CVE-2026-45596	2026-06-12 00:07	2026-06-10	Show	GitHub Exploit DB Packet Storm

1488	7.0	HIGH Local	microsoft	windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2022 windows_server_2025	Concurrent execution using shared resource with improper synchronization ('race condition') in UI Automation Manager (uiamanager.dll) allows an authorized attacker to elevate privileges locally.	CWE-362 Race Condition	CVE-2026-45597	2026-06-12 00:03	2026-06-10	Show	GitHub Exploit DB Packet Storm

1489	7.0	HIGH Local	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.	CWE-362 Race Condition	CVE-2026-45598	2026-06-12 00:00	2026-06-10	Show	GitHub Exploit DB Packet Storm

1490	8.1	HIGH Network	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.	CWE-416 Use After Free	CVE-2026-45599	2026-06-11 23:57	2026-06-10	Show	GitHub Exploit DB Packet Storm

1491	7.1	HIGH Local	-	-	A malicious application may cause unexpected changes in memory shared between processes. A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey …	CWE-362 Race Condition	CVE-2022-26758	2026-06-11 23:43	2026-06-11	Show	GitHub Exploit DB Packet Storm

1492	3.5	LOW Physics	-	-	A person with access to a Mac may be able to bypass Login Window. A consistency issue was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4.	CWE-287 Improper Authentication	CVE-2022-48575	2026-06-11 23:43	2026-06-11	Show	GitHub Exploit DB Packet Storm

1493	5.3	MEDIUM Local	-	-	Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of …	CWE-20 Improper Input Validation	CVE-2024-21944	2026-06-11 23:43	2026-06-11	Show	GitHub Exploit DB Packet Storm

1494	3.7	LOW Network	-	-	A vulnerability was determined in TwiN gatus 5.36.0. Impacted is the function setSessionCookie of the file security/oidc.go of the component OIDC Session Cookie Handler. Executing a manipulation can …	CWE-614 CWE-1004 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute Sensitive Cookie Without 'HttpOnly' Flag	CVE-2026-11956	2026-06-11 23:42	2026-06-11	Show	GitHub Exploit DB Packet Storm

1495	4.7	MEDIUM Network	-	-	The Open User Map PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'oum_location_notification' parameter in versions up to, and including, 1.4.31 due to insufficient inpu…	CWE-79 Cross-site Scripting	CVE-2026-2827	2026-06-11 23:42	2026-06-11	Show	GitHub Exploit DB Packet Storm

1496	8.1	HIGH Network	-	-	The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.26.4 via the UpdraftPlus_Remote_Communications_V2::wp…	CWE-347 Improper Verification of Cryptographic Signature	CVE-2026-10795	2026-06-11 23:42	2026-06-11	Show	GitHub Exploit DB Packet Storm

1497	7.1	HIGH Network	-	-	Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2.	CWE-79 Cross-site Scripting	CVE-2023-33999	2026-06-11 23:42	2026-06-11	Show	GitHub Exploit DB Packet Storm

1498	5.3	MEDIUM Network	-	-	Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Lev…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2023-40200	2026-06-11 23:42	2026-06-11	Show	GitHub Exploit DB Packet Storm

1499	4.3	MEDIUM Network	-	-	Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. WpEvently allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through 4.1.2.	CWE-352 Origin Validation Error	CVE-2024-32110	2026-06-11 23:42	2026-06-11	Show	GitHub Exploit DB Packet Storm

1500	5.4	MEDIUM Network	-	-	Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Soledad: from n/a through 8.2.5.	CWE-862 Missing Authorization	CVE-2022-42479	2026-06-11 23:42	2026-06-11	Show	GitHub Exploit DB Packet Storm