NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 18, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1951	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_parent in do_task_stat() When reading /proc/[pid]/stat, do_task_stat() acces…	NVD-CWE-noinfo	CVE-2026-46259	2026-06-10 05:09	2026-06-4	Show	GitHub Exploit DB Packet Storm

1952	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6_add_rt2node(). syzbot reported out-of-bound read in fib6_add_rt2node(). [0] When IPv6 rout…	CWE-125 Out-of-bounds Read	CVE-2026-46260	2026-06-10 05:09	2026-06-4	Show	GitHub Exploit DB Packet Storm

1953	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() platform_get_resource_byname() can return NULL, which w…	CWE-476 NULL Pointer Dereference	CVE-2026-46261	2026-06-10 05:03	2026-06-4	Show	GitHub Exploit DB Packet Storm

1954	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put() This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix missing loc…	CWE-667 Improper Locking	CVE-2026-46262	2026-06-10 04:59	2026-06-4	Show	GitHub Exploit DB Packet Storm

1955	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds stream encoder index v3 eng_id can be negative and that stream_enc_regs[] can be indexed out o…	CWE-125 Out-of-bounds Read	CVE-2026-46263	2026-06-10 04:57	2026-06-4	Show	GitHub Exploit DB Packet Storm

1956	4.7	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WAR…	CWE-362 Race Condition	CVE-2026-46272	2026-06-10 04:52	2026-06-4	Show	GitHub Exploit DB Packet Storm

1957	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware crashes due to WoW offloads…	NVD-CWE-noinfo	CVE-2026-46271	2026-06-10 04:52	2026-06-4	Show	GitHub Exploit DB Packet Storm

1958	8.4	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requesting IRQ _before_ the `de…	CWE-416 Use After Free	CVE-2026-46270	2026-06-10 04:52	2026-06-4	Show	GitHub Exploit DB Packet Storm

1959	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree When probing the k230 pinctrl driver, the kernel trig…	CWE-476 NULL Pointer Dereference	CVE-2026-46269	2026-06-10 04:51	2026-06-4	Show	GitHub Exploit DB Packet Storm

1960	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma…	NVD-CWE-noinfo	CVE-2026-46268	2026-06-10 04:48	2026-06-4	Show	GitHub Exploit DB Packet Storm

1961	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc s…	CWE-416 Use After Free	CVE-2026-46267	2026-06-10 04:48	2026-06-4	Show	GitHub Exploit DB Packet Storm

1962	9.1	CRITICAL Network	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IP…	NVD-CWE-noinfo	CVE-2026-46266	2026-06-10 04:47	2026-06-4	Show	GitHub Exploit DB Packet Storm

1963	7.5	HIGH Network	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQ_MEM_RECLAIM warning When sunrpc is used, if a reset triggered, our wq may lead the following trace: workqueue: …	NVD-CWE-noinfo	CVE-2026-46265	2026-06-10 04:46	2026-06-4	Show	GitHub Exploit DB Packet Storm

1964	5.7	MEDIUM Physics	-	-	Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of P…	CWE-261 Weak Encoding for Password	CVE-2026-40639	2026-06-10 04:30	2026-06-10	Show	GitHub Exploit DB Packet Storm

1965	8.8	HIGH Network	google	chrome	Out of bounds memory access in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: …	CWE-125 CWE-787 Out-of-bounds Read Out-of-bounds Write	CVE-2026-10941	2026-06-10 04:21	2026-06-5	Show	GitHub Exploit DB Packet Storm

1966	8.8	HIGH Network	google	chrome	Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)	CWE-416 Use After Free	CVE-2026-10943	2026-06-10 04:02	2026-06-5	Show	GitHub Exploit DB Packet Storm

1967	8.8	HIGH Network	google	chrome	Use after free in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted…	CWE-416 Use After Free	CVE-2026-10945	2026-06-10 04:01	2026-06-5	Show	GitHub Exploit DB Packet Storm

1968	4.7	MEDIUM Network	google	chrome	Insufficient policy enforcement in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted H…	CWE-20 Improper Input Validation	CVE-2026-11233	2026-06-10 03:58	2026-06-5	Show	GitHub Exploit DB Packet Storm

1969	4.3	MEDIUM Network	google	chrome	Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)	CWE-451 User Interface (UI) Misrepresentation of Critical Information	CVE-2026-11294	2026-06-10 03:55	2026-06-5	Show	GitHub Exploit DB Packet Storm

1970	4.3	MEDIUM Network	google	chrome	Inappropriate implementation in FoldableAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML pag…	CWE-693 Protection Mechanism Failure	CVE-2026-11234	2026-06-10 03:54	2026-06-5	Show	GitHub Exploit DB Packet Storm

1971	7.5	HIGH Network	google	chrome	Heap buffer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a…	CWE-122 Heap-based Buffer Overflow	CVE-2026-10946	2026-06-10 03:53	2026-06-5	Show	GitHub Exploit DB Packet Storm

1972	8.8	HIGH Network	google	chrome	Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)	CWE-416 Use After Free	CVE-2026-10947	2026-06-10 03:53	2026-06-5	Show	GitHub Exploit DB Packet Storm

1973	8.8	HIGH Network	google	chrome	Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)	CWE-416 Use After Free	CVE-2026-10948	2026-06-10 03:52	2026-06-5	Show	GitHub Exploit DB Packet Storm

1974	8.3	HIGH Network	google	chrome	Heap buffer overflow in Video in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag…	CWE-122 Heap-based Buffer Overflow	CVE-2026-10949	2026-06-10 03:52	2026-06-5	Show	GitHub Exploit DB Packet Storm

1975	8.8	HIGH Network	google	chrome	Use after free in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)	CWE-416 Use After Free	CVE-2026-10954	2026-06-10 03:49	2026-06-5	Show	GitHub Exploit DB Packet Storm

1976	8.8	HIGH Network	google	chrome	Use after free in MimeHandlerView in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi…	CWE-416 Use After Free	CVE-2026-10956	2026-06-10 03:48	2026-06-5	Show	GitHub Exploit DB Packet Storm

1977	6.3	MEDIUM Network	google	chrome	Inappropriate implementation in Media Session in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medi…	CWE-346 Origin Validation Error	CVE-2026-11181	2026-06-10 03:47	2026-06-5	Show	GitHub Exploit DB Packet Storm

1978	8.8	HIGH Network	google	chrome	Insufficient policy enforcement in Compositing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox vi…	CWE-20 Improper Input Validation	CVE-2026-11235	2026-06-10 03:44	2026-06-5	Show	GitHub Exploit DB Packet Storm

1979	8.3	HIGH Network	google	chrome	Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via…	CWE-602 Client-Side Enforcement of Server-Side Security	CVE-2026-11236	2026-06-10 03:42	2026-06-5	Show	GitHub Exploit DB Packet Storm

1980	8.3	HIGH Network	google	chrome	Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTM…	CWE-20 Improper Input Validation	CVE-2026-11237	2026-06-10 03:41	2026-06-5	Show	GitHub Exploit DB Packet Storm

1981	6.5	MEDIUM Network	google	chrome	Uninitialized Use in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)	CWE-457 Use of Uninitialized Variable	CVE-2026-11268	2026-06-10 03:38	2026-06-5	Show	GitHub Exploit DB Packet Storm

1982	8.8	HIGH Network	google	chrome	Insufficient validation of untrusted input in Reading List in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform p…	CWE-20 Improper Input Validation	CVE-2026-11272	2026-06-10 03:34	2026-06-5	Show	GitHub Exploit DB Packet Storm

1983	4.3	MEDIUM Network	google	chrome	Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security se…	CWE-284 Improper Access Control	CVE-2026-11274	2026-06-10 03:32	2026-06-5	Show	GitHub Exploit DB Packet Storm

1984	9.3	CRITICAL Network	checkpoint	gaia_os gaia_embedded	A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish …	CWE-287 Improper Authentication	CVE-2026-50751	2026-06-10 03:30	2026-06-8	Show	GitHub Exploit DB Packet Storm

1985	4.3	MEDIUM Network	google	chrome	Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium se…	CWE-284 Improper Access Control	CVE-2026-11277	2026-06-10 03:26	2026-06-5	Show	GitHub Exploit DB Packet Storm

1986	5.8	MEDIUM Network	-	-	On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is …	CWE-1023 Incomplete Comparison with Missing Factors	CVE-2026-7473	2026-06-10 03:17	2026-06-6	Show	GitHub Exploit DB Packet Storm

1987	8.8	HIGH Network	-	-	The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited(), which concatenates the values directly into a tid I…	CWE-89 SQL Injection	CVE-2026-50636	2026-06-10 03:17	2026-06-10	Show	GitHub Exploit DB Packet Storm

1988	8.8	HIGH Network	-	-	LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the d…	CWE-640 Weak Password Recovery Mechanism for Forgotten Password	CVE-2026-50635	2026-06-10 03:17	2026-06-10	Show	GitHub Exploit DB Packet Storm

1989	6.5	MEDIUM Network	-	-	Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoi…	CWE-862 Missing Authorization	CVE-2026-49956	2026-06-10 03:17	2026-06-10	Show	GitHub Exploit DB Packet Storm

1990	6.3	MEDIUM Local	-	-	Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could p…	CWE-59 Link Following	CVE-2026-44275	2026-06-10 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1991	6.3	MEDIUM Local	-	-	Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could p…	CWE-1386 Insecure Operation on Windows Junction / Mount Point	CVE-2026-41116	2026-06-10 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1992	8.8	HIGH Network	google	chrome	Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: …	CWE-125 CWE-787 Out-of-bounds Read Out-of-bounds Write	CVE-2026-11645	2026-06-10 03:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

1993	-	-	-	-	Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) po…	CWE-1262 Improper Access Control for Register Interface	CVE-2025-54509	2026-06-10 03:16	2026-06-10	Show	GitHub Exploit DB Packet Storm

1994	8.6	HIGH Network	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when …	NVD-CWE-noinfo	CVE-2026-46273	2026-06-10 02:31	2026-06-4	Show	GitHub Exploit DB Packet Storm

1995	8.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Fix sysfs initialization In case of devm_add_action_or_reset() failure the provided cleanup action will be run immedia…	CWE-416 Use After Free	CVE-2026-46264	2026-06-10 02:26	2026-06-4	Show	GitHub Exploit DB Packet Storm

1996	8.1	HIGH Network	google	chrome	Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (…	CWE-346 Origin Validation Error	CVE-2026-11693	2026-06-10 02:26	2026-06-9	Show	GitHub Exploit DB Packet Storm

1997	5.4	MEDIUM Network	google	chrome	Inappropriate implementation in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)	CWE-20 NVD-CWE-noinfo Improper Input Validation	CVE-2026-11701	2026-06-10 02:24	2026-06-9	Show	GitHub Exploit DB Packet Storm

1998	7.5	HIGH Network	perl	dbi	DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer wit…	CWE-787 Out-of-bounds Write	CVE-2026-9698	2026-06-10 02:20	2026-06-9	Show	GitHub Exploit DB Packet Storm

1999	9.8	CRITICAL Network	-	-	YesWiki is a wiki system written in PHP. Prior to version 4.6.6, an unsafe execution vulnerability exists in the Bazar form field calculator (CalcField.php) of YesWiki. The application attempts to sa…	CWE-94 CWE-1333 Code Injection Inefficient Regular Expression Complexity	CVE-2026-52778	2026-06-10 02:17	2026-06-9	Show	GitHub Exploit DB Packet Storm

2000	6.5	MEDIUM Network	-	-	Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.	CWE-200 Information Exposure	CVE-2026-50508	2026-06-10 02:17	2026-06-10	Show	GitHub Exploit DB Packet Storm