NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 18, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1901	6.5	MEDIUM Network	-	-	Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header …	CWE-20 Improper Input Validation	CVE-2026-41727	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1902	6.5	MEDIUM Network	-	-	When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, ev…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-41726	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1903	5.9	MEDIUM Network	-	-	Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload…	CWE-400 Uncontrolled Resource Consumption	CVE-2026-41721	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1904	6.4	MEDIUM Network	-	-	A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. …	CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')	CVE-2026-41719	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1905	8.1	HIGH Network	-	-	Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated…	CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')	CVE-2026-41717	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1906	7.5	HIGH Network	-	-	Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected versions: Spring Da…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-41716	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1907	4.0	MEDIUM Network	-	-	Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no…	CWE-295 Improper Certificate Validation	CVE-2026-41714	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1908	5.9	MEDIUM Network	-	-	Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons …	CWE-400 Uncontrolled Resource Consumption	CVE-2026-41711	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1909	6.1	MEDIUM Network	-	-	Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after…	CWE-601 Open Redirect	CVE-2026-41706	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1910	4.4	MEDIUM Network	-	-	Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.…	CWE-330 Use of Insufficiently Random Values	CVE-2026-41701	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1911	4.8	MEDIUM Network	-	-	Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). An attacker can sup…	CWE-943 Improper Neutralization of Special Elements in Data Query Logic	CVE-2026-41697	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1912	5.9	MEDIUM Network	-	-	Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to …	CWE-943 Improper Neutralization of Special Elements in Data Query Logic	CVE-2026-41696	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1913	7.5	HIGH Network	-	-	Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolutio…	CWE-400 Uncontrolled Resource Consumption	CVE-2026-41695	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1914	6.1	MEDIUM Network	-	-	Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an inva…	CWE-601 Open Redirect	CVE-2026-41008	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1915	7.3	HIGH Adjacent	-	-	An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the col…	CWE-502 Deserialization of Untrusted Data	CVE-2026-40993	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1916	5.9	MEDIUM Network	-	-	When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a maliciou…	CWE-611 XXE	CVE-2026-40991	2026-06-10 09:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1917	-	-	-	-	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.	-	CVE-2026-10238	2026-06-10 08:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1918	8.1	HIGH Network	-	-	Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type.	CWE-284 Improper Access Control	CVE-2026-36720	2026-06-10 07:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1919	7.8	HIGH Local	-	-	Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerab…	-	CVE-2026-8863	2026-06-10 06:17	2026-06-10	Show	GitHub Exploit DB Packet Storm

1920	6.3	MEDIUM Network	-	-	SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php.	CWE-352 Origin Validation Error	CVE-2026-39170	2026-06-10 06:17	2026-06-10	Show	GitHub Exploit DB Packet Storm

1921	7.5	HIGH Network	-	-	SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.	CWE-284 Improper Access Control	CVE-2026-39169	2026-06-10 06:17	2026-06-10	Show	GitHub Exploit DB Packet Storm

1922	7.5	HIGH Network	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to c…	CWE-121 Stack-based Buffer Overflow	CVE-2026-36822	2026-06-10 06:17	2026-06-10	Show	GitHub Exploit DB Packet Storm

1923	7.5	HIGH Network	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows at…	CWE-121 Stack-based Buffer Overflow	CVE-2026-36821	2026-06-10 06:17	2026-06-10	Show	GitHub Exploit DB Packet Storm

1924	7.5	HIGH Network	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability …	CWE-121 Stack-based Buffer Overflow	CVE-2026-36820	2026-06-10 06:17	2026-06-10	Show	GitHub Exploit DB Packet Storm

1925	7.5	HIGH Network	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability allows attackers…	CWE-121 Stack-based Buffer Overflow	CVE-2026-36819	2026-06-10 06:17	2026-06-10	Show	GitHub Exploit DB Packet Storm

1926	7.5	HIGH Network	-	-	An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). There is a Heap buffer overflow in various buffer encryption utilities.	CWE-122 Heap-based Buffer Overflow	CVE-2023-43688	2026-06-10 06:17	2026-06-10	Show	GitHub Exploit DB Packet Storm

1927	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistent_ram_save_old() persistent_ram_save_old() can be called multiple times for the same …	CWE-787 Out-of-bounds Write	CVE-2026-46253	2026-06-10 05:42	2026-06-4	Show	GitHub Exploit DB Packet Storm

1928	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply() error path If late enabling of a supply regulator fails in regulator_r…	CWE-667 Improper Locking	CVE-2026-46252	2026-06-10 05:42	2026-06-4	Show	GitHub Exploit DB Packet Storm

1929	7.3	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, __current_thread_info is defined as global regist…	NVD-CWE-noinfo	CVE-2026-46250	2026-06-10 05:42	2026-06-4	Show	GitHub Exploit DB Packet Storm

1930	8.4	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption When the incompat flag EXTENT_TREE_V2 is set, we unconditionally add the block …	NVD-CWE-noinfo	CVE-2026-46251	2026-06-10 05:38	2026-06-4	Show	GitHub Exploit DB Packet Storm

1931	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix PF driver crash with kexec kernel booting During a kexec reboot the hardware is not power-cycled, so AF state f…	NVD-CWE-noinfo	CVE-2026-46249	2026-06-10 05:37	2026-06-4	Show	GitHub Exploit DB Packet Storm

1932	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif->links_map When an arvif is initialized in non-AP STA mode but MLO connection pre…	NVD-CWE-noinfo	CVE-2026-46248	2026-06-10 05:36	2026-06-4	Show	GitHub Exploit DB Packet Storm

1933	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map After commit d228ece36345 ("clk: divider: remove round_rate() in favor of dete…	NVD-CWE-noinfo	CVE-2026-46247	2026-06-10 05:36	2026-06-4	Show	GitHub Exploit DB Packet Storm

1934	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler Using the `devm_` variant for requesting IRQ _before_ the…	CWE-416 Use After Free	CVE-2026-46246	2026-06-10 05:36	2026-06-4	Show	GitHub Exploit DB Packet Storm

1935	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dc_link NULL handling in HPD init amdgpu_dm_hpd_init() may see connectors without a valid dc_link. The code…	CWE-476 NULL Pointer Dereference	CVE-2026-46245	2026-06-10 05:36	2026-06-4	Show	GitHub Exploit DB Packet Storm

1936	9.1	CRITICAL Network	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nft_inner_parse_l2l3(), when processing inner IPv6 packets, ipv6_find_hdr() …	NVD-CWE-noinfo	CVE-2026-46244	2026-06-10 05:35	2026-06-4	Show	GitHub Exploit DB Packet Storm

1937	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthor_gpu_flush_caches() failures We have seen a few cases where the whole memory subsystem is blocke…	NVD-CWE-noinfo	CVE-2025-71314	2026-06-10 05:35	2026-06-4	Show	GitHub Exploit DB Packet Storm

1938	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc_workqueue() alloc_workqueue() can return NULL on memory allocation failure. Witho…	CWE-476 NULL Pointer Dereference	CVE-2025-71313	2026-06-10 05:35	2026-06-4	Show	GitHub Exploit DB Packet Storm

1939	7.5	HIGH Network	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows att…	CWE-121 Stack-based Buffer Overflow	CVE-2026-36823	2026-06-10 05:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1940	7.5	HIGH Network	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDset function. This vulnerability allo…	CWE-121 Stack-based Buffer Overflow	CVE-2026-36771	2026-06-10 05:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1941	7.5	HIGH Network	-	-	Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to caus…	CWE-121 Stack-based Buffer Overflow	CVE-2026-36770	2026-06-10 05:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1942	7.2	HIGH Network	-	-	A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/{realm}/partialImport endpoint. This allows them to bypass Fine-Gr…	CWE-863 Incorrect Authorization	CVE-2026-11577	2026-06-10 05:16	2026-06-8	Show	GitHub Exploit DB Packet Storm

1943	9.8	CRITICAL Network	-	-	Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. …	-	CVE-2026-10045	2026-06-10 05:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1944	6.2	MEDIUM Local	-	-	An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). A large number of Firefox preference files can cause the parser to ignore other browser configuration files, lea…	CWE-755 Improper Handling of Exceptional Conditions	CVE-2023-43686	2026-06-10 05:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1945	8.2	HIGH Local	-	-	The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if t…	CWE-190 Integer Overflow or Wraparound	CVE-2023-29146	2026-06-10 05:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1946	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignmen…	NVD-CWE-noinfo	CVE-2026-46254	2026-06-10 05:10	2026-06-4	Show	GitHub Exploit DB Packet Storm

1947	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove() The clocks in fsl_edma_engine::muxclk are allocated and enabled…	NVD-CWE-noinfo	CVE-2026-46255	2026-06-10 05:10	2026-06-4	Show	GitHub Exploit DB Packet Storm

1948	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages LOCALIO is an NFS loopback mount optimization that avoi…	CWE-667 Improper Locking	CVE-2026-46256	2026-06-10 05:10	2026-06-4	Show	GitHub Exploit DB Packet Storm

1949	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registere…	CWE-908 Use of Uninitialized Resource	CVE-2026-46257	2026-06-10 05:10	2026-06-4	Show	GitHub Exploit DB Packet Storm

1950	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandle_create() In linehandle_create(), there is a statement like this: retain_and_nu…	CWE-476 NULL Pointer Dereference	CVE-2026-46258	2026-06-10 05:09	2026-06-4	Show	GitHub Exploit DB Packet Storm