NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 21, 2026, 4:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2501	4.7	MEDIUM Network	-	-	A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument ku…	CWE-74 CWE-77 Injection Command Injection	CVE-2026-11448	2026-06-9 01:16	2026-06-7	Show	GitHub Exploit DB Packet Storm

2502	9.6	CRITICAL Network	google	chrome	Insufficient validation of untrusted input in Enterprise Reporting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a …	CWE-20 Improper Input Validation	CVE-2026-11120	2026-06-9 01:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2503	7.2	HIGH Network	-	-	A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to …	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-10870	2026-06-9 01:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2504	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in conc…	-	CVE-2025-71315	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

2505	4.8	MEDIUM Network	checkmk	checkmk	Stored cross-site scripting in the global settings change log in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicio…	CWE-79 Cross-site Scripting	CVE-2026-8078	2026-06-9 00:53	2026-06-8	Show	GitHub Exploit DB Packet Storm

2506	5.4	MEDIUM Network	checkmk	checkmk	Stored cross-site scripting in the URL dashboard widget in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a danger…	CWE-79 Cross-site Scripting	CVE-2026-7186	2026-06-9 00:53	2026-06-8	Show	GitHub Exploit DB Packet Storm

2507	4.8	MEDIUM Network	checkmk	checkmk	Stored cross-site scripting in the service discovery active check output in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom c…	CWE-79 Cross-site Scripting	CVE-2026-9549	2026-06-9 00:53	2026-06-8	Show	GitHub Exploit DB Packet Storm

2508	9.6	CRITICAL Network	google	chrome	Insufficient validation of untrusted input in SiteIsolation in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perfor…	CWE-20 Improper Input Validation	CVE-2026-11056	2026-06-9 00:52	2026-06-5	Show	GitHub Exploit DB Packet Storm

2509	6.5	MEDIUM Network	google	chrome	Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity:…	CWE-20 Improper Input Validation	CVE-2026-11069	2026-06-9 00:52	2026-06-5	Show	GitHub Exploit DB Packet Storm

2510	9.6	CRITICAL Network	google	chrome	Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the network process to potentially perform a …	CWE-20 Improper Input Validation	CVE-2026-11070	2026-06-9 00:52	2026-06-5	Show	GitHub Exploit DB Packet Storm

2511	8.8	HIGH Network	google	chrome	Use after free in Base in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process mem…	CWE-416 Use After Free	CVE-2026-11071	2026-06-9 00:51	2026-06-5	Show	GitHub Exploit DB Packet Storm

2512	7.8	HIGH Local	google	chrome	Use after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: Medium)	CWE-416 Use After Free	CVE-2026-11072	2026-06-9 00:51	2026-06-5	Show	GitHub Exploit DB Packet Storm

2513	6.5	MEDIUM Network	google	chrome	Use after free in WebGL in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security s…	CWE-416 Use After Free	CVE-2026-11073	2026-06-9 00:51	2026-06-5	Show	GitHub Exploit DB Packet Storm

2514	6.5	MEDIUM Network	google	chrome	Out of bounds read in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security …	CWE-125 Out-of-bounds Read	CVE-2026-11075	2026-06-9 00:51	2026-06-5	Show	GitHub Exploit DB Packet Storm

2515	6.5	MEDIUM Network	google	chrome	Inappropriate implementation in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML p…	CWE-20 CWE-284 Improper Input Validation Improper Access Control	CVE-2026-11078	2026-06-9 00:51	2026-06-5	Show	GitHub Exploit DB Packet Storm

2516	6.5	MEDIUM Network	google	chrome	Inappropriate implementation in Printing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. …	CWE-20 Improper Input Validation	CVE-2026-11093	2026-06-9 00:51	2026-06-5	Show	GitHub Exploit DB Packet Storm

2517	9.6	CRITICAL Network	google	chrome	Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…	CWE-416 Use After Free	CVE-2026-11094	2026-06-9 00:51	2026-06-5	Show	GitHub Exploit DB Packet Storm

2518	9.9	CRITICAL Network	termix	termix	Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in Termix is v…	CWE-78 OS Command	CVE-2026-45744	2026-06-9 00:25	2026-06-6	Show	GitHub Exploit DB Packet Storm

2519	9.6	CRITICAL Network	guardrailsai	guardrails_ai	Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. …	CWE-506 Embedded Malicious Code	CVE-2026-45758	2026-06-9 00:22	2026-06-6	Show	GitHub Exploit DB Packet Storm

2520	7.8	HIGH Local	bitdefender	napoca	Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler comput…	CWE-787 Out-of-bounds Write	CVE-2026-10046	2026-06-9 00:18	2026-06-3	Show	GitHub Exploit DB Packet Storm

2521	7.8	HIGH Local	bitdefender	napoca	The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled S…	CWE-787 Out-of-bounds Write	CVE-2026-10047	2026-06-9 00:17	2026-06-3	Show	GitHub Exploit DB Packet Storm

2522	7.0	HIGH Local	-	-	Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292	-	CVE-2026-50265	2026-06-9 00:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2523	7.5	HIGH Network	-	-	bacnet_stack 1.3.1 contains an Out-of-bounds Read in bacnet_tag_number_decode which allows attackers to cause a denial of service.	CWE-125 Out-of-bounds Read	CVE-2026-38570	2026-06-9 00:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2524	9.8	CRITICAL Network	-	-	GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.	CWE-328 Use of Weak Hash	CVE-2026-36182	2026-06-9 00:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2525	4.6	MEDIUM Physics	-	-	A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot sessi…	-	CVE-2026-36180	2026-06-9 00:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2526	4.6	MEDIUM Physics	-	-	GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtai…	CWE-256 Plaintext Storage of a Password	CVE-2026-36174	2026-06-9 00:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2527	9.8	CRITICAL Network	-	-	T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account.	CWE-259 Use of Hard-coded Password	CVE-2026-35905	2026-06-9 00:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2528	9.8	CRITICAL Network	-	-	Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via …	CWE-284 Improper Access Control	CVE-2026-35904	2026-06-9 00:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

2529	8.4	HIGH Local	-	-	clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation.	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2026-26422	2026-06-9 00:16	2026-06-7	Show	GitHub Exploit DB Packet Storm

2530	3.5	LOW Network	-	-	A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a ma…	CWE-74 CWE-80 Injection Basic XSS	CVE-2026-11511	2026-06-9 00:16	2026-06-8	Show	GitHub Exploit DB Packet Storm

2531	7.1	HIGH Local	-	-	Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedd…	CWE-95 Eval Injection	CVE-2026-11422	2026-06-9 00:16	2026-06-6	Show	GitHub Exploit DB Packet Storm

2532	9.6	CRITICAL Network	google	chrome	Type Confusion in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML …	CWE-843 Type Confusion	CVE-2026-11052	2026-06-9 00:08	2026-06-5	Show	GitHub Exploit DB Packet Storm

2533	6.5	MEDIUM Network	google	chrome	Out of bounds read in ANGLE in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromi…	CWE-125 Out-of-bounds Read	CVE-2026-11051	2026-06-9 00:08	2026-06-5	Show	GitHub Exploit DB Packet Storm

2534	6.5	MEDIUM Network	google	chrome	Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted…	CWE-346 Origin Validation Error	CVE-2026-11048	2026-06-9 00:04	2026-06-5	Show	GitHub Exploit DB Packet Storm

2535	9.6	CRITICAL Network	google	chrome	Inappropriate implementation in Base in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via …	CWE-20 Improper Input Validation	CVE-2026-11047	2026-06-9 00:03	2026-06-5	Show	GitHub Exploit DB Packet Storm

2536	7.5	HIGH Network	-	-	Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value (taken from the IPv6 fixe…	CWE-191 Integer Underflow (Wrap or Wraparound)	CVE-2026-49494	2026-06-9 00:03	2026-06-7	Show	GitHub Exploit DB Packet Storm

2537	6.5	MEDIUM Network	google	chrome	Insufficient validation of untrusted input in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informatio…	CWE-20 Improper Input Validation	CVE-2026-11045	2026-06-9 00:02	2026-06-5	Show	GitHub Exploit DB Packet Storm

2538	8.0	HIGH Network	termix	termix	Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables TLS certificate validation,…	CWE-295 Improper Certificate Validation	CVE-2026-45745	2026-06-9 00:02	2026-06-6	Show	GitHub Exploit DB Packet Storm

2539	-	-	-	-	Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prio…	CWE-1333 Inefficient Regular Expression Complexity	CVE-2026-45409	2026-06-9 00:02	2026-06-6	Show	GitHub Exploit DB Packet Storm

2540	6.5	MEDIUM Network	google	chrome	Integer overflow in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium s…	CWE-472 CWE-190 External Control of Assumed-Immutable Web Parameter Integer Overflow or Wraparound	CVE-2026-11044	2026-06-9 00:01	2026-06-5	Show	GitHub Exploit DB Packet Storm

2541	-	-	-	-	A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processi…	CWE-121 Stack-based Buffer Overflow	CVE-2026-6239	2026-06-9 00:01	2026-06-6	Show	GitHub Exploit DB Packet Storm

2542	-	-	-	-	A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenti…	CWE-121 Stack-based Buffer Overflow	CVE-2026-6240	2026-06-9 00:01	2026-06-6	Show	GitHub Exploit DB Packet Storm

2543	-	-	-	-	An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitizatio…	CWE-134 Use of Externally-Controlled Format String	CVE-2026-6241	2026-06-9 00:01	2026-06-6	Show	GitHub Exploit DB Packet Storm

2544	-	-	-	-	An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacke…	CWE-134 Use of Externally-Controlled Format String	CVE-2026-6242	2026-06-9 00:01	2026-06-6	Show	GitHub Exploit DB Packet Storm

2545	-	-	-	-	On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechani…	CWE-287 Improper Authentication	CVE-2026-34123	2026-06-9 00:01	2026-06-6	Show	GitHub Exploit DB Packet Storm

2546	-	-	-	-	This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by se…	CWE-22 Path Traversal	CVE-2026-9506	2026-06-9 00:01	2026-06-8	Show	GitHub Exploit DB Packet Storm

2547	-	-	-	-	A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regul…	CWE-22 CWE-269 Path Traversal Improper Privilege Management	CVE-2026-11423	2026-06-9 00:00	2026-06-6	Show	GitHub Exploit DB Packet Storm

2548	-	-	-	-	A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is t…	CWE-200 CWE-918 Information Exposure Server-Side Request Forgery (SSRF)	CVE-2026-11424	2026-06-9 00:00	2026-06-6	Show	GitHub Exploit DB Packet Storm

2549	-	-	-	-	A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypas…	CWE-22 CWE-200 Path Traversal Information Exposure	CVE-2026-11431	2026-06-9 00:00	2026-06-6	Show	GitHub Exploit DB Packet Storm

2550	8.1	HIGH Network	termix	termix	Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /users/totp/disable` and `POST /users/totp/backup-codes` endpoints in Termix pr…	CWE-308 Use of Single-factor Authentication	CVE-2026-45749	2026-06-8 23:59	2026-06-6	Show	GitHub Exploit DB Packet Storm