NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 20, 2026, 4:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2351	5.4	MEDIUM Network	-	-	A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file…	CWE-266 CWE-285 Incorrect Privilege Assignment Improper Authorization	CVE-2026-11533	2026-06-9 10:34	2026-06-9	Show	GitHub Exploit DB Packet Storm

2352	3.5	LOW Network	-	-	A vulnerability was detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manip…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-11534	2026-06-9 10:34	2026-06-9	Show	GitHub Exploit DB Packet Storm

2353	5.3	MEDIUM Network	-	-	A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unk…	CWE-255 CWE-259 Credentials Management Use of Hard-coded Password	CVE-2026-11552	2026-06-9 10:32	2026-06-9	Show	GitHub Exploit DB Packet Storm

2354	8.8	HIGH Network	-	-	A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in st…	CWE-119 CWE-121 Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow	CVE-2026-11553	2026-06-9 10:32	2026-06-9	Show	GitHub Exploit DB Packet Storm

2355	4.3	MEDIUM Network	-	-	A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege vi…	CWE-266 CWE-272 Incorrect Privilege Assignment Least Privilege Violation	CVE-2026-11554	2026-06-9 10:32	2026-06-9	Show	GitHub Exploit DB Packet Storm

2356	8.8	HIGH Network	-	-	A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a man…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-11556	2026-06-9 10:32	2026-06-9	Show	GitHub Exploit DB Packet Storm

2357	8.8	HIGH Network	-	-	A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a man…	CWE-119 CWE-121 Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow	CVE-2026-11557	2026-06-9 10:32	2026-06-9	Show	GitHub Exploit DB Packet Storm

2358	6.3	MEDIUM Network	-	-	A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home_salary.php. The manipulation of the argument rate/salary_rate…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-11558	2026-06-9 10:32	2026-06-9	Show	GitHub Exploit DB Packet Storm

2359	6.3	MEDIUM Network	-	-	A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account.php. The manipulation of the argument ID results in sql injection. The attack …	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-11559	2026-06-9 10:32	2026-06-9	Show	GitHub Exploit DB Packet Storm

2360	7.3	HIGH Network	-	-	A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a manipulation of the argumen…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-11582	2026-06-9 10:32	2026-06-9	Show	GitHub Exploit DB Packet Storm

2361	6.3	MEDIUM Network	-	-	A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argum…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-11583	2026-06-9 10:32	2026-06-9	Show	GitHub Exploit DB Packet Storm

2362	6.3	MEDIUM Network	-	-	A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of th…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-11584	2026-06-9 10:32	2026-06-9	Show	GitHub Exploit DB Packet Storm

2363	6.3	MEDIUM Network	-	-	A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the a…	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-11585	2026-06-9 10:32	2026-06-9	Show	GitHub Exploit DB Packet Storm

2364	-	-	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after …	CWE-613 Insufficient Session Expiration	CVE-2026-46401	2026-06-9 05:17	2026-06-6	Show	GitHub Exploit DB Packet Storm

2365	8.2	HIGH Network	-	-	CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_request_target` trigger but dan…	CWE-94 Code Injection	CVE-2026-41249	2026-06-9 05:17	2026-06-5	Show	GitHub Exploit DB Packet Storm

2366	9.8	CRITICAL Network	-	-	Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality N…	CWE-287 CWE-306 CWE-1390 Improper Authentication Missing Authentication for Critical Function Weak Authentication	CVE-2026-6274	2026-06-9 04:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2367	7.5	HIGH Network	-	-	Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers …	CWE-22 Path Traversal	CVE-2026-50234	2026-06-9 04:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2368	-	-	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The applic…	CWE-78 OS Command	CVE-2026-46394	2026-06-9 04:16	2026-06-6	Show	GitHub Exploit DB Packet Storm

2369	-	-	-	-	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on eac…	CWE-772 CWE-775 Missing Release of Resource after Effective Lifetime Missing Release of File Descriptor or Handle after Effective Lifetime	CVE-2026-45287	2026-06-9 04:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2370	4.3	MEDIUM Network	-	-	IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, beca…	CWE-650 Trusting HTTP Permission Methods on the Server Side	CVE-2026-42543	2026-06-9 04:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2371	-	-	-	-	Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may assign to FTP users. However…	CWE-863 Incorrect Authorization	CVE-2026-41235	2026-06-9 04:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2372	7.8	HIGH Local	-	-	A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.	CWE-427 Uncontrolled Search Path Element	CVE-2026-36574	2026-06-9 04:16	2026-06-4	Show	GitHub Exploit DB Packet Storm

2373	9.6	CRITICAL Network	google	chrome	Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape …	CWE-20 Improper Input Validation	CVE-2026-11113	2026-06-9 04:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2374	7.4	HIGH Network	google	chrome	Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)	CWE-457 Use of Uninitialized Variable	CVE-2026-10973	2026-06-9 04:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2375	9.6	CRITICAL Network	google	chrome	Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)	CWE-416 Use After Free	CVE-2026-10972	2026-06-9 04:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2376	7.4	HIGH Network	google	chrome	Insufficient validation of untrusted input in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via …	CWE-20 Improper Input Validation	CVE-2026-10968	2026-06-9 04:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2377	9.6	CRITICAL Network	google	chrome	Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity:…	CWE-20 Improper Input Validation	CVE-2026-10966	2026-06-9 04:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2378	6.0	MEDIUM Network	arista	ng_firewall	An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely…	CWE-78 OS Command	CVE-2026-25620	2026-06-9 04:15	2026-06-6	Show	GitHub Exploit DB Packet Storm

2379	6.0	MEDIUM Network	arista	ng_firewall	A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects versi…	CWE-78 OS Command	CVE-2026-25621	2026-06-9 04:13	2026-06-6	Show	GitHub Exploit DB Packet Storm

2380	6.0	MEDIUM Network	arista	ng_firewall	A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logg…	CWE-78 OS Command	CVE-2026-25622	2026-06-9 04:10	2026-06-6	Show	GitHub Exploit DB Packet Storm

2381	6.0	MEDIUM Network	arista	ng_firewall	An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators c…	CWE-78 OS Command	CVE-2026-25623	2026-06-9 04:10	2026-06-6	Show	GitHub Exploit DB Packet Storm

2382	4.8	MEDIUM Network	arista	ng_firewall	An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated use…	CWE-79 Cross-site Scripting	CVE-2026-25624	2026-06-9 04:08	2026-06-6	Show	GitHub Exploit DB Packet Storm

2383	7.4	HIGH Network	asynchttpclient_project	async-http-client	The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch pri…	CWE-200 Information Exposure	CVE-2026-45300	2026-06-9 03:37	2026-06-6	Show	GitHub Exploit DB Packet Storm

2384	6.5	MEDIUM Network	google	chrome	Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a cr…	CWE-20 NVD-CWE-noinfo Improper Input Validation	CVE-2026-11022	2026-06-9 03:37	2026-06-5	Show	GitHub Exploit DB Packet Storm

2385	7.8	HIGH Local	x.org redhat	x_server xwayland enterprise_linux	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function Ch…	CWE-121 Stack-based Buffer Overflow	CVE-2026-50259	2026-06-9 03:28	2026-06-5	Show	GitHub Exploit DB Packet Storm

2386	6.5	MEDIUM Network	google	chrome	Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted…	CWE-284 Improper Access Control	CVE-2026-11017	2026-06-9 03:17	2026-06-5	Show	GitHub Exploit DB Packet Storm

2387	6.5	MEDIUM Network	google	chrome	Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medi…	CWE-602 Client-Side Enforcement of Server-Side Security	CVE-2026-11018	2026-06-9 03:17	2026-06-5	Show	GitHub Exploit DB Packet Storm

2388	6.5	MEDIUM Network	google	chrome	Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform domain spoofing via a crafted…	CWE-290 CWE-451 Authentication Bypass by Spoofing User Interface (UI) Misrepresentation of Critical Information	CVE-2026-11019	2026-06-9 03:17	2026-06-5	Show	GitHub Exploit DB Packet Storm

2389	6.5	MEDIUM Network	google	chrome	Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. (Chromium security severity: Medium)	CWE-346 CWE-352 Origin Validation Error Origin Validation Error	CVE-2026-11020	2026-06-9 03:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2390	7.2	HIGH Network	-	-	Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attack…	CWE-79 Cross-site Scripting	CVE-2026-50232	2026-06-9 03:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2391	7.1	HIGH Network	7-zip	7-zip	7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmwar…	CWE-125 Out-of-bounds Read	CVE-2026-48111	2026-06-9 03:16	2026-06-6	Show	GitHub Exploit DB Packet Storm

2392	8.1	HIGH Network	7-zip	7-zip	7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit builds. 32-bit integer ove…	CWE-125 Out-of-bounds Read	CVE-2026-48092	2026-06-9 03:16	2026-06-6	Show	GitHub Exploit DB Packet Storm

2393	9.6	CRITICAL Network	google	chrome	Insufficient validation of untrusted input in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbo…	CWE-20 Improper Input Validation	CVE-2026-11021	2026-06-9 03:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2394	4.3	MEDIUM Network	google	chrome	Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium se…	CWE-284 Improper Access Control	CVE-2026-11302	2026-06-9 03:12	2026-06-5	Show	GitHub Exploit DB Packet Storm

2395	4.3	MEDIUM Network	google	chrome	Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)	CWE-451 User Interface (UI) Misrepresentation of Critical Information	CVE-2026-11300	2026-06-9 03:10	2026-06-5	Show	GitHub Exploit DB Packet Storm

2396	6.5	MEDIUM Network	google	chrome	Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data v…	CWE-20 Improper Input Validation	CVE-2026-11007	2026-06-9 03:09	2026-06-5	Show	GitHub Exploit DB Packet Storm

2397	6.5	MEDIUM Network	google	chrome	Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a…	CWE-20 Improper Input Validation	CVE-2026-11008	2026-06-9 03:09	2026-06-5	Show	GitHub Exploit DB Packet Storm

2398	8.1	HIGH Network	google	chrome	Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted H…	CWE-602 Client-Side Enforcement of Server-Side Security	CVE-2026-11011	2026-06-9 03:09	2026-06-5	Show	GitHub Exploit DB Packet Storm

2399	6.5	MEDIUM Network	google	chrome	Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted …	CWE-602 Client-Side Enforcement of Server-Side Security	CVE-2026-11014	2026-06-9 03:08	2026-06-5	Show	GitHub Exploit DB Packet Storm

2400	8.8	HIGH Network	google	chrome	Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network traffic. (Chromi…	CWE-125 Out-of-bounds Read	CVE-2026-11301	2026-06-9 03:08	2026-06-5	Show	GitHub Exploit DB Packet Storm