NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 24, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
3451	8.8	HIGH Network	oracle	e-business_suite	Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite (component: Security). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability all…	CWE-269 Improper Privilege Management	CVE-2026-46837	2026-06-4 22:46	2026-05-29	Show	GitHub Exploit DB Packet Storm

3452	7.4	HIGH Network	oracle	e-business_suite	Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability al…	CWE-284 Improper Access Control	CVE-2026-46818	2026-06-4 22:46	2026-05-29	Show	GitHub Exploit DB Packet Storm

3453	9.8	CRITICAL Network	oracle	e-business_suite	Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allo…	CWE-269 CWE-287 CWE-306 Improper Privilege Management Improper Authentication Missing Authentication for Critical Function	CVE-2026-46817	2026-06-4 22:45	2026-05-29	Show	GitHub Exploit DB Packet Storm

3454	4.9	MEDIUM Network	progress	sitefinity	CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used co…	CWE-522 Insufficiently Protected Credentials	CVE-2026-7313	2026-06-4 22:12	2026-06-2	Show	GitHub Exploit DB Packet Storm

3455	7.5	HIGH Network	progress	sitefinity	CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.844…	CWE-522 Insufficiently Protected Credentials	CVE-2026-7312	2026-06-4 22:09	2026-06-2	Show	GitHub Exploit DB Packet Storm

3456	8.1	HIGH Network	progress	sitefinity	CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.…	CWE-20 Improper Input Validation	CVE-2026-7195	2026-06-4 21:51	2026-06-2	Show	GitHub Exploit DB Packet Storm

3457	9.8	CRITICAL Network	progress	sitefinity	CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in f…	CWE-284 Improper Access Control	CVE-2026-7198	2026-06-4 21:43	2026-06-2	Show	GitHub Exploit DB Packet Storm

3458	8.8	HIGH Network	progress	sitefinity	CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenti…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-7201	2026-06-4 21:42	2026-06-2	Show	GitHub Exploit DB Packet Storm

3459	5.4	MEDIUM Network	-	-	Wikidforum 2.20 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted HTML in the reply_text parameter. Attackers can pos…	CWE-79 Cross-site Scripting	CVE-2018-25384	2026-06-4 12:16	2026-05-30	Show	GitHub Exploit DB Packet Storm

3460	9.0	CRITICAL Network	-	-	A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is config…	CWE-78 OS Command	CVE-2026-4408	2026-06-4 09:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

3461	-	-	-	-	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.	-	CVE-2026-2596	2026-06-4 08:16	2026-06-4	Show	GitHub Exploit DB Packet Storm

3462	7.8	HIGH Local	google	android	In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges…	NVD-CWE-noinfo CWE-20 Improper Input Validation	CVE-2025-22424	2026-06-4 07:16	2026-06-2	Show	GitHub Exploit DB Packet Storm

3463	8.4	HIGH Local	-	-	Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog inter…	CWE-451 User Interface (UI) Misrepresentation of Critical Information	CVE-2019-25718	2026-06-4 07:16	2026-06-2	Show	GitHub Exploit DB Packet Storm

3464	6.5	MEDIUM Adjacent	-	-	Dräger Infinity Delta, Delta XL, and Kappa patient monitors contain a denial-of-service vulnerability that allows remote attackers to cause the monitor to reboot by sending a malformed network packet…	CWE-15 External Control of System or Configuration Setting	CVE-2019-25716	2026-06-4 07:16	2026-06-2	Show	GitHub Exploit DB Packet Storm

3465	9.1	CRITICAL Network	github	cli	GitHub CLI (gh) is GitHub’s official command line tool. Prior to 2.93.0, GitHub CLI incorrectly includes authorization header in API requests to TUF repository mirrors via gh attestation, gh release …	CWE-863 Incorrect Authorization	CVE-2026-48501	2026-06-4 06:06	2026-05-30	Show	GitHub Exploit DB Packet Storm

3466	4.9	MEDIUM Network	macgregor	interschalt_vdr_g4e_firmware	The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password.	CWE-552 Files or Directories Accessible to External Parties	CVE-2026-40425	2026-06-4 05:54	2026-05-30	Show	GitHub Exploit DB Packet Storm

3467	4.3	MEDIUM Network	nextcloud	calendar	Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance …	CWE-200 NVD-CWE-noinfo Information Exposure	CVE-2026-45286	2026-06-4 05:35	2026-06-2	Show	GitHub Exploit DB Packet Storm

3468	6.4	MEDIUM Network	nextcloud	nextcloud_server	Nextcloud is an open source content collaboration platform. From versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a user shares a folder or file with a Nextcloud Team that includes…	CWE-862 Missing Authorization	CVE-2026-45285	2026-06-4 05:34	2026-06-2	Show	GitHub Exploit DB Packet Storm

3469	8.8	HIGH Network	nextcloud	user_oidc	Nextcloud is an open source content collaboration platform. From version 1.3.6 to before version 8.4.0, an improper check allowed users that where provided by LDAP to still authenticate towards user …	CWE-284 NVD-CWE-noinfo Improper Access Control	CVE-2026-45284	2026-06-4 05:28	2026-06-2	Show	GitHub Exploit DB Packet Storm

3470	8.6	HIGH Network	openairinterface	openairinterface5g	An issue was discovered in OpenAirInterface5G 2.4.0 (nr-softmodem) in the E2SM-KPM RAN Function's PRB utilization metric calculation. The functions fill_RRU_PrbTotDl() and fill_RRU_PrbTotUl() in open…	CWE-369 Divide By Zero	CVE-2026-37232	2026-06-4 05:26	2026-06-2	Show	GitHub Exploit DB Packet Storm

3471	2.7	LOW Network	projectcapsule	capsule	Capsule is a multi-tenancy and policy-based framework for Kubernetes. To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate …	CWE-20 NVD-CWE-noinfo Improper Input Validation	CVE-2026-30963	2026-06-4 05:22	2026-06-2	Show	GitHub Exploit DB Packet Storm

3472	7.8	HIGH Local	google	android_xr	In addInputMethodListener of com.android.server.inputmethod.InputMethodManagerService, there is a missing permission check. This could lead to local escalation of privilege with no additional executi…	CWE-285 Improper Authorization	CVE-2026-0072	2026-06-4 05:16	2026-06-2	Show	GitHub Exploit DB Packet Storm

3473	7.5	HIGH Network	juliangruber	brace-expansion	The brace-expansion library generates arbitrary strings containing a common prefix and suffix. From 5.0.0 to before 5.0.6, the max option was being applied too late. When expanding a single large num…	CWE-400 Uncontrolled Resource Consumption	CVE-2026-45149	2026-06-4 05:13	2026-05-30	Show	GitHub Exploit DB Packet Storm

3474	5.4	MEDIUM Network	mozilla	firefox	Firefox for iOS Reader View replaced page content in its HTML template before replacing other internal placeholders. A malicious page could include a placeholder string that was later substituted wit…	CWE-79 Cross-site Scripting	CVE-2026-9308	2026-06-4 05:02	2026-06-1	Show	GitHub Exploit DB Packet Storm

3475	5.4	MEDIUM Network	mozilla	firefox	Firefox for iOS Reader View did not properly escape HTML tags in JSON-LD metadata. A malicious page could inject markup that changed Reader View behavior and leaked sensitive URL parameters. These pa…	CWE-79 Cross-site Scripting	CVE-2026-9309	2026-06-4 05:02	2026-06-1	Show	GitHub Exploit DB Packet Storm

3476	7.5	HIGH Network	dlink	di-7001mini-8g_firmware	A vulnerability was detected in D-Link DI-7001 MINI up to 19.09.19A1. Impacted is the function sprintf of the file /httpd_debug.asp of the component API. The manipulation of the argument Time results…	CWE-119 CWE-121 Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow	CVE-2026-10270	2026-06-4 05:02	2026-06-2	Show	GitHub Exploit DB Packet Storm

3477	9.6	CRITICAL Network	cline	cline	Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. In versions 2.13.0 and prior, there is a cross-origin WebSocket hijack vulnerability in Cline Kanban servers. At time o…	CWE-306 CWE-1385 Missing Authentication for Critical Function Missing Origin Validation in WebSockets	CVE-2026-44211	2026-06-4 04:52	2026-06-2	Show	GitHub Exploit DB Packet Storm

3478	9.1	CRITICAL Network	projectcapsule	capsule	Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets th…	CWE-20 CWE-863 Improper Input Validation Incorrect Authorization	CVE-2026-22872	2026-06-4 04:40	2026-06-2	Show	GitHub Exploit DB Packet Storm

3479	4.9	MEDIUM Network	redhat	build_of_keycloak	A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromi…	CWE-1284 Improper Validation of Specified Quantity in Input	CVE-2026-9801	2026-06-4 04:38	2026-05-28	Show	GitHub Exploit DB Packet Storm

3480	4.3	MEDIUM Network	redhat	build_of_keycloak	A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client cr…	CWE-305 Authentication Bypass by Primary Weakness	CVE-2026-9798	2026-06-4 04:38	2026-05-28	Show	GitHub Exploit DB Packet Storm

3481	6.5	MEDIUM Network	redhat	build_of_keycloak	A flaw was found in Keycloak. An authenticated administrator with the `manage-clients` role can exploit a Time-of-check to time-of-use (TOCTOU) vulnerability in the name-based admin role checks. This…	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-9796	2026-06-4 04:38	2026-05-28	Show	GitHub Exploit DB Packet Storm

3482	7.3	HIGH Network	redhat	build_of_keycloak	A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management permissions can exploit this vulnerability to assign any realm role, in…	CWE-266 Incorrect Privilege Assignment	CVE-2026-9795	2026-06-4 04:38	2026-05-28	Show	GitHub Exploit DB Packet Storm

3483	5.3	MEDIUM Network	redhat	build_of_keycloak	A flaw was found in Keycloak. A remote, unauthenticated attacker can exploit this vulnerability by sending specially crafted SOAP requests to the SAML ECP (Security Assertion Markup Language Enhanced…	CWE-209 Information Exposure Through an Error Message	CVE-2026-9794	2026-06-4 04:37	2026-05-28	Show	GitHub Exploit DB Packet Storm

3484	6.5	MEDIUM Network	redhat	build_of_keycloak	A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain condition providers (client-type, client-roles, client-attributes, client-…	CWE-280 Improper Handling of Insufficient Permissions or Privileges	CVE-2026-9792	2026-06-4 04:37	2026-05-28	Show	GitHub Exploit DB Packet Storm

3485	6.8	MEDIUM Network	redhat	build_of_keycloak	A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, w…	CWE-613 Insufficient Session Expiration	CVE-2026-9802	2026-06-4 04:36	2026-05-28	Show	GitHub Exploit DB Packet Storm

3486	7.5	HIGH Network	winmtr	winmtr	WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload file containing a large buffer of repeated characters. Attackers c…	CWE-120 Classic Buffer Overflow	CVE-2018-25426	2026-06-4 04:31	2026-05-31	Show	GitHub Exploit DB Packet Storm

3487	5.3	MEDIUM Network	redhat	build_of_keycloak	A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authori…	CWE-125 Out-of-bounds Read	CVE-2026-9803	2026-06-4 04:28	2026-05-28	Show	GitHub Exploit DB Packet Storm

3488	9.8	CRITICAL Network	deltasql_project	deltasql	Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to docs_upload.php with crafted multipart form…	CWE-306 Missing Authentication for Critical Function	CVE-2018-25412	2026-06-4 04:26	2026-05-31	Show	GitHub Exploit DB Packet Storm

3489	9.8	CRITICAL Network	trendnet	tew-432brp_firmware	A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetPortTr of the file /goform/formSetPortTr. Performing a manipulation of the argument special_name r…	CWE-119 CWE-121 Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow	CVE-2026-10064	2026-06-4 04:19	2026-05-30	Show	GitHub Exploit DB Packet Storm

3490	3.3	LOW Local	-	-	A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::read_sequence_infos of the file HL1MDLLoader.cpp of the component Half-Life 1 MD…	CWE-119 CWE-125 Incorrect Access of Indexable Resource ('Range Error') Out-of-bounds Read	CVE-2026-10233	2026-06-4 04:16	2026-06-1	Show	GitHub Exploit DB Packet Storm

3491	4.3	MEDIUM Network	-	-	A security vulnerability has been detected in Dolibarr ERP CRM up to 23.0.1. Impacted is the function checkUserAccessToObject of the file htdocs/holiday/class/api_holidays.class.php of the component …	CWE-266 CWE-285 Incorrect Privilege Assignment Improper Authorization	CVE-2026-10215	2026-06-4 04:16	2026-06-1	Show	GitHub Exploit DB Packet Storm

3492	8.8	HIGH Network	-	-	A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file /goform/formSetProtocolFilter. Such manipulation of the argument protocol_na…	CWE-119 CWE-121 Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow	CVE-2026-10122	2026-06-4 04:16	2026-05-31	Show	GitHub Exploit DB Packet Storm

3493	4.3	MEDIUM Network	-	-	A vulnerability was identified in Open5GS up to 2.7.7. This affects an unknown part in the library lib/sbi/nnrf-handler.c of the component Shared NF-profile Parser. Such manipulation leads to denial …	CWE-404 Improper Resource Shutdown or Release	CVE-2026-10115	2026-06-4 04:16	2026-05-30	Show	GitHub Exploit DB Packet Storm

3494	7.5	HIGH Network	oracle	database_server	Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with n…	CWE-400 Uncontrolled Resource Consumption	CVE-2026-46835	2026-06-4 04:00	2026-05-29	Show	GitHub Exploit DB Packet Storm

3495	7.5	HIGH Network	oracle	database_server	Vulnerability in the Net Service component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.2. Easily exploitable vulnerability allows unauthenticated attacker with n…	CWE-400 Uncontrolled Resource Consumption	CVE-2026-46834	2026-06-4 03:57	2026-05-29	Show	GitHub Exploit DB Packet Storm

3496	9.9	CRITICAL Network	linuxfoundation	cloudnativepg	CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as t…	CWE-250 CWE-271 CWE-426 Execution with Unnecessary Privileges Privilege Dropping / Lowering Errors Untrusted Search Path	CVE-2026-44477	2026-06-4 03:56	2026-05-29	Show	GitHub Exploit DB Packet Storm

3497	8.0	HIGH Network	microsoft	sharepoint_server	Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.	CWE-78 OS Command	CVE-2026-47294	2026-06-4 03:42	2026-06-2	Show	GitHub Exploit DB Packet Storm

3498	6.3	MEDIUM Network	vivotek	fd8136_firmware	A stack-based buffer overflow in the export_language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST…	CWE-121 Stack-based Buffer Overflow	CVE-2026-35717	2026-06-4 03:42	2026-06-2	Show	GitHub Exploit DB Packet Storm

3499	7.3	HIGH Network	vivotek	fd8136_firmware	Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the set_getparam.cgi component	CWE-121 Stack-based Buffer Overflow	CVE-2026-30649	2026-06-4 03:41	2026-06-3	Show	GitHub Exploit DB Packet Storm

3500	8.8	HIGH Network	vivotek	fd8136_firmware	A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-03…	CWE-120 Classic Buffer Overflow	CVE-2026-30650	2026-06-4 03:41	2026-06-3	Show	GitHub Exploit DB Packet Storm