NVD Vulnerability Information Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

Update Date:June 22, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2751 8.1 HIGH
Network 		google chrome Inappropriate implementation in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. (Chromium… CWE-693
 Protection Mechanism Failure 		CVE-2026-11170 2026-06-8 23:21 2026-06-5 Show GitHub Exploit DB Packet Storm
2752 6.5 MEDIUM
Adjacent 		ericsson packet_core_gateway Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially cr… CWE-228
 Improper Handling of Syntactically Invalid Structure 		CVE-2026-25657 2026-06-8 23:21 2026-06-5 Show GitHub Exploit DB Packet Storm
2753 8.8 HIGH
Network 		google chrome Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Mediu… CWE-451
 User Interface (UI) Misrepresentation of Critical Information 		CVE-2026-11172 2026-06-8 23:21 2026-06-5 Show GitHub Exploit DB Packet Storm
2754 5.3 MEDIUM
Network 		google chrome Inappropriate implementation in Site Isolation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML p… CWE-693
 Protection Mechanism Failure 		CVE-2026-11174 2026-06-8 23:21 2026-06-5 Show GitHub Exploit DB Packet Storm
2755 8.8 HIGH
Network 		google chrome Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) CWE-451
 User Interface (UI) Misrepresentation of Critical Information 		CVE-2026-11175 2026-06-8 23:21 2026-06-5 Show GitHub Exploit DB Packet Storm
2756 6.5 MEDIUM
Network 		google chrome Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) CWE-346
 Origin Validation Error 		CVE-2026-11176 2026-06-8 23:21 2026-06-5 Show GitHub Exploit DB Packet Storm
2757 8.8 HIGH
Network 		google chrome Use after free in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted… CWE-416
 Use After Free 		CVE-2026-11177 2026-06-8 23:21 2026-06-5 Show GitHub Exploit DB Packet Storm
2758 4.3 MEDIUM
Network 		google chrome Insufficient policy enforcement in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity:… CWE-346
 Origin Validation Error 		CVE-2026-11178 2026-06-8 23:20 2026-06-5 Show GitHub Exploit DB Packet Storm
2759 8.8 HIGH
Network 		google chrome Inappropriate implementation in ORB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass site isolation via a crafted HTML page. (Chromium security severity: Medium) CWE-284
Improper Access Control 		CVE-2026-11179 2026-06-8 23:20 2026-06-5 Show GitHub Exploit DB Packet Storm
2760 6.5 MEDIUM
Network 		google chrome Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) CWE-200
Information Exposure 		CVE-2026-11180 2026-06-8 23:20 2026-06-5 Show GitHub Exploit DB Packet Storm
2761 6.5 MEDIUM
Network 		google chrome Inappropriate implementation in File System Access in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass discretionary acc… CWE-284
Improper Access Control 		CVE-2026-11258 2026-06-8 23:19 2026-06-5 Show GitHub Exploit DB Packet Storm
2762 4.3 MEDIUM
Network 		google chrome Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity:… CWE-20
 Improper Input Validation  		CVE-2026-11259 2026-06-8 23:19 2026-06-5 Show GitHub Exploit DB Packet Storm
2763 4.3 MEDIUM
Network 		google chrome Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: L… CWE-693
 Protection Mechanism Failure 		CVE-2026-11260 2026-06-8 23:19 2026-06-5 Show GitHub Exploit DB Packet Storm
2764 4.3 MEDIUM
Network 		google chrome Inappropriate implementation in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. (Chromiu… CWE-20
 Improper Input Validation  		CVE-2026-11261 2026-06-8 23:19 2026-06-5 Show GitHub Exploit DB Packet Storm
2765 4.3 MEDIUM
Network 		google chrome Policy bypass in Content Security Policy in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) CWE-693
 Protection Mechanism Failure 		CVE-2026-11264 2026-06-8 23:18 2026-06-5 Show GitHub Exploit DB Packet Storm
2766 7.5 HIGH
Network 		google chrome Inappropriate implementation in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) CWE-352
 Origin Validation Error 		CVE-2026-11265 2026-06-8 23:18 2026-06-5 Show GitHub Exploit DB Packet Storm
2767 4.3 MEDIUM
Network 		google chrome Inappropriate implementation in SafeBrowsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass Safe Browsing via a malicious file. (Chromium security severity: Low) CWE-693
 Protection Mechanism Failure 		CVE-2026-11266 2026-06-8 23:18 2026-06-5 Show GitHub Exploit DB Packet Storm
2768 4.3 MEDIUM
Network 		google chrome Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a… CWE-602
 Client-Side Enforcement of Server-Side Security 		CVE-2026-11267 2026-06-8 23:18 2026-06-5 Show GitHub Exploit DB Packet Storm
2769 7.1 HIGH
Adjacent 		google chrome Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to execute arbitrary code inside a sandbox via a crafted Chrome… CWE-829
 Inclusion of Functionality from Untrusted Control Sphere 		CVE-2026-11269 2026-06-8 23:18 2026-06-5 Show GitHub Exploit DB Packet Storm
2770 6.5 MEDIUM
Network 		google chrome Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a craf… CWE-200
Information Exposure 		CVE-2026-11271 2026-06-8 23:17 2026-06-5 Show GitHub Exploit DB Packet Storm
2771 6.1 MEDIUM
Network 		google chrome Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scri… CWE-20
CWE-79
 Improper Input Validation 
Cross-site Scripting 		CVE-2026-11273 2026-06-8 23:17 2026-06-5 Show GitHub Exploit DB Packet Storm
2772 5.0 MEDIUM
Network 		redhat openshift_container_platform A flaw was found in OpenShift Container Platform. Completed pods with restartPolicy: Never do not count toward ResourceQuota pod limits, and Kubernetes events are not quota-scoped. A non-privileged u… CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2026-10533 2026-06-8 23:09 2026-06-2 Show GitHub Exploit DB Packet Storm
2773 4.3 MEDIUM
Network 		misp misp An authorization flaw existed in the MISP Event Template Importer overwrite workflow. When importing an event template in overwrite mode, the application checked whether a matching template already e… CWE-862
 Missing Authorization 		CVE-2026-10855 2026-06-8 23:03 2026-06-4 Show GitHub Exploit DB Packet Storm
2774 6.5 MEDIUM
Network 		google chrome Inappropriate implementation in Page Info in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a… CWE-284
Improper Access Control 		CVE-2026-11275 2026-06-8 23:00 2026-06-5 Show GitHub Exploit DB Packet Storm
2775 6.5 MEDIUM
Network 		google chrome Inappropriate implementation in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) CWE-352
 Origin Validation Error 		CVE-2026-11270 2026-06-8 23:00 2026-06-5 Show GitHub Exploit DB Packet Storm
2776 8.6 HIGH
Network 		vertex-app vertex Vertex is a management tool for PT (Private Tracker) users to manage streaming and watching videos. Versions prior to commit fbde301b97986d5913fc4bc95f5445750d282e11 are vulnerable to path traversal.… CWE-22
Path Traversal 		CVE-2024-40646 2026-06-8 22:59 2026-06-2 Show GitHub Exploit DB Packet Storm
2777 6.1 MEDIUM
Network 		misp misp A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL to be accepted as a local path while being interpreted by browsers as an external URL. The validation … CWE-601
Open Redirect 		CVE-2026-10856 2026-06-8 22:59 2026-06-4 Show GitHub Exploit DB Packet Storm
2778 6.5 MEDIUM
Network 		google chrome Insufficient policy enforcement in WebAuthentication in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data vi… CWE-693
 Protection Mechanism Failure 		CVE-2026-11263 2026-06-8 22:58 2026-06-5 Show GitHub Exploit DB Packet Storm
2779 7.5 HIGH
Network 		microsoft copilot_chat Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a netw… CWE-74
Injection 		CVE-2026-47644 2026-06-8 22:57 2026-06-5 Show GitHub Exploit DB Packet Storm
2780 6.1 MEDIUM
Network 		misp misp An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the value stored in the pre_login_requested_url session key was used as the post-login redirect destination w… CWE-601
Open Redirect 		CVE-2026-10861 2026-06-8 22:56 2026-06-4 Show GitHub Exploit DB Packet Storm
2781 8.8 HIGH
Network 		microsoft copilot Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an authorized attacker to execute code over a network. CWE-77
Command Injection 		CVE-2026-45497 2026-06-8 22:55 2026-06-5 Show GitHub Exploit DB Packet Storm
2782 6.5 MEDIUM
Network 		misp misp A logic error in the MISP CRUD component delete handler allowed validation failures to be bypassed when requests used the HTTP DELETE method. Due to missing parentheses in the delete condition, the e… CWE-863
 Incorrect Authorization 		CVE-2026-10860 2026-06-8 22:54 2026-06-5 Show GitHub Exploit DB Packet Storm
2783 7.5 HIGH
Network 		microsoft copilot Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. CWE-77
Command Injection 		CVE-2026-42824 2026-06-8 22:52 2026-06-5 Show GitHub Exploit DB Packet Storm
2784 6.5 MEDIUM
Network 		google chrome Insufficient validation of untrusted input in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted H… CWE-20
NVD-CWE-noinfo
 Improper Input Validation  		CVE-2026-11027 2026-06-8 22:45 2026-06-5 Show GitHub Exploit DB Packet Storm
2785 8.8 HIGH
Network 		google chrome Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: Medium) CWE-416
 Use After Free 		CVE-2026-11030 2026-06-8 22:44 2026-06-5 Show GitHub Exploit DB Packet Storm
2786 8.8 HIGH
Network 		7-zip 7-zip 7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer (GetCu… CWE-190
CWE-787
 Integer Overflow or Wraparound
 Out-of-bounds Write 		CVE-2026-48095 2026-06-8 22:40 2026-06-6 Show GitHub Exploit DB Packet Storm
2787 4.3 MEDIUM
Network 		google chrome Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium securi… CWE-20
NVD-CWE-noinfo
 Improper Input Validation  		CVE-2026-11031 2026-06-8 22:40 2026-06-5 Show GitHub Exploit DB Packet Storm
2788 6.5 MEDIUM
Network 		google chrome Inappropriate implementation in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medi… CWE-346
 Origin Validation Error 		CVE-2026-11032 2026-06-8 22:39 2026-06-5 Show GitHub Exploit DB Packet Storm
2789 6.5 MEDIUM
Network 		google chrome Uninitialized Use in WebML in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium … CWE-457
 Use of Uninitialized Variable 		CVE-2026-11033 2026-06-8 22:39 2026-06-5 Show GitHub Exploit DB Packet Storm
2790 6.1 MEDIUM
Network 		google chrome Insufficient validation of untrusted input in Tab Group Sync in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via malicious netw… CWE-20
 Improper Input Validation  		CVE-2026-11034 2026-06-8 22:38 2026-06-5 Show GitHub Exploit DB Packet Storm
2791 6.1 MEDIUM
Network 		cisco webex_meetings A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Cisco has addressed this… CWE-79
Cross-site Scripting 		CVE-2026-20233 2026-06-8 22:36 2026-06-4 Show GitHub Exploit DB Packet Storm
2792 8.1 HIGH
Network 		misp misp A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user… CWE-20
 Improper Input Validation  		CVE-2026-10863 2026-06-8 22:35 2026-06-5 Show GitHub Exploit DB Packet Storm
2793 7.3 HIGH
Local 		google chrome Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a crafted XML file. (Chromium security seve… CWE-20
NVD-CWE-noinfo
 Improper Input Validation  		CVE-2026-11035 2026-06-8 22:34 2026-06-5 Show GitHub Exploit DB Packet Storm
2794 6.5 MEDIUM
Network 		google chrome Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) CWE-346
 Origin Validation Error 		CVE-2026-11036 2026-06-8 22:34 2026-06-5 Show GitHub Exploit DB Packet Storm
2795 6.5 MEDIUM
Network 		google chrome Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) CWE-457
 Use of Uninitialized Variable 		CVE-2026-11039 2026-06-8 22:31 2026-06-5 Show GitHub Exploit DB Packet Storm
2796 8.8 HIGH
Network 		google chrome Insufficient validation of untrusted input in Media in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sand… CWE-20
NVD-CWE-noinfo
 Improper Input Validation  		CVE-2026-11041 2026-06-8 22:31 2026-06-5 Show GitHub Exploit DB Packet Storm
2797 9.6 CRITICAL
Network 		google chrome Out of bounds write in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… CWE-787
 Out-of-bounds Write 		CVE-2026-11043 2026-06-8 22:29 2026-06-5 Show GitHub Exploit DB Packet Storm
2798 5.3 MEDIUM
Network 		google chrome Integer overflow in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from proces… CWE-190
CWE-125
CWE-787
 Integer Overflow or Wraparound
Out-of-bounds Read
 Out-of-bounds Write 		CVE-2026-10999 2026-06-8 22:16 2026-06-5 Show GitHub Exploit DB Packet Storm
2799 9.1 CRITICAL
Network 		apache fory Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChec… CWE-502
 Deserialization of Untrusted Data 		CVE-2026-50076 2026-06-8 22:00 2026-06-5 Show GitHub Exploit DB Packet Storm
2800 4.3 MEDIUM
Network 		misp misp A vulnerability in the MISP dashboard widgets allowed an authenticated user to manipulate the fields option and influence which fields were returned by the New Users and New Organisations widgets. In… CWE-200
Information Exposure 		CVE-2026-10864 2026-06-8 21:59 2026-06-5 Show GitHub Exploit DB Packet Storm