NVD Vulnerability Information Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

Update Date:June 26, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
4001 9.8 CRITICAL
Network 		waterfall-security wf-500_firmware Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… CWE-78
OS Command  		CVE-2025-41272 2026-06-2 03:57 2026-05-29 Show GitHub Exploit DB Packet Storm
4002 9.8 CRITICAL
Network 		waterfall-security wf-500_firmware Nozomi Networks Labs identified a CWE-288: Authentication Bypass Using an Alternate Path or Channel in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows… CWE-288
Authentication Bypass Using an Alternate Path or Channel 		CVE-2025-41273 2026-06-2 03:57 2026-05-29 Show GitHub Exploit DB Packet Storm
4003 9.8 CRITICAL
Network 		waterfall-security wf-500_firmware Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… CWE-78
OS Command  		CVE-2025-41274 2026-06-2 03:56 2026-05-29 Show GitHub Exploit DB Packet Storm
4004 9.8 CRITICAL
Network 		waterfall-security wf-500_firmware Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… CWE-78
OS Command  		CVE-2025-41275 2026-06-2 03:56 2026-05-29 Show GitHub Exploit DB Packet Storm
4005 9.8 CRITICAL
Network 		waterfall-security wf-500_firmware Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… CWE-78
OS Command  		CVE-2025-41276 2026-06-2 03:56 2026-05-29 Show GitHub Exploit DB Packet Storm
4006 9.8 CRITICAL
Network 		waterfall-security wf-500_firmware Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Console WebUI in Waterfall WF-500 TX and RX Hosts in versio… CWE-78
OS Command  		CVE-2025-41277 2026-06-2 03:56 2026-05-29 Show GitHub Exploit DB Packet Storm
4007 7.8 HIGH
Local 		waterfall-security wf-500_firmware Nozomi Networks Labs identified a CWE-125: Out-of-bounds Read in Waterfall WF-500 RX Host in version 7.10.0.0 R2601141040 that allows attackers with access to the TX Host to execute code on the RX Ho… CWE-125
Out-of-bounds Read 		CVE-2025-41278 2026-06-2 03:56 2026-05-29 Show GitHub Exploit DB Packet Storm
4008 7.8 HIGH
Local 		waterfall-security wf-500_firmware Nozomi Networks Labs identified a CWE-23: Relative Path Traversal (Zip Slip) in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute cod… CWE-23
 Relative Path Traversal 		CVE-2025-41280 2026-06-2 03:56 2026-05-29 Show GitHub Exploit DB Packet Storm
4009 7.2 HIGH
Network 		waterfall-security wf-500_firmware Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administration WebUI in Waterfall WF-500 RX Host in version… CWE-78
OS Command  		CVE-2025-41279 2026-06-2 03:55 2026-05-29 Show GitHub Exploit DB Packet Storm
4010 7.8 HIGH
Local 		waterfall-security wf-500_firmware Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that al… CWE-78
OS Command  		CVE-2025-41281 2026-06-2 03:55 2026-05-29 Show GitHub Exploit DB Packet Storm
4011 6.5 MEDIUM
Network 		- - Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loo… CWE-674
CWE-835
 Uncontrolled Recursion
 Loop with Unreachable Exit Condition ('Infinite Loop') 		CVE-2026-44740 2026-06-2 03:53 2026-06-2 Show GitHub Exploit DB Packet Storm
4012 9.9 CRITICAL
Network 		- - OneUptime is an open-source monitoring and observability platform. Prior to 10.0.98, OneUptime uses the Node.js' vm module as an isolation primitive. This API was not designed for that and can be esc… CWE-693
 Protection Mechanism Failure 		CVE-2026-45102 2026-06-2 03:50 2026-05-28 Show GitHub Exploit DB Packet Storm
4013 7.8 HIGH
Local 		- - systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active Netwo… CWE-78
OS Command  		CVE-2026-44724 2026-06-2 03:50 2026-05-28 Show GitHub Exploit DB Packet Storm
4014 7.5 HIGH
Network 		- - Automad is a flat-file content management system and template engine. From 2.0.0-alpha.1 to 2.0.0-beta.27, a Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcr… CWE-200
CWE-306
Information Exposure
Missing Authentication for Critical Function 		CVE-2026-45332 2026-06-2 03:50 2026-05-29 Show GitHub Exploit DB Packet Storm
4015 - -
- - Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Prior to 0.102.2, a malicious ZIP archive imported with safe import enabled… CWE-22
CWE-79
Path Traversal
Cross-site Scripting 		CVE-2026-45668 2026-06-2 03:50 2026-05-30 Show GitHub Exploit DB Packet Storm
4016 7.5 HIGH
Network 		google chrome Use after free in Aura in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page. (Ch… CWE-416
 Use After Free 		CVE-2026-9934 2026-06-2 03:49 2026-05-29 Show GitHub Exploit DB Packet Storm
4017 8.8 HIGH
Network 		google chrome Use after free in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CWE-416
 Use After Free 		CVE-2026-9941 2026-06-2 03:49 2026-05-29 Show GitHub Exploit DB Packet Storm
4018 8.8 HIGH
Network 		google chrome Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CWE-122
Heap-based Buffer Overflow 		CVE-2026-9940 2026-06-2 03:49 2026-05-29 Show GitHub Exploit DB Packet Storm
4019 6.5 MEDIUM
Network 		google chrome Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chro… CWE-457
 Use of Uninitialized Variable 		CVE-2026-9917 2026-06-2 03:48 2026-05-29 Show GitHub Exploit DB Packet Storm
4020 9.6 CRITICAL
Network 		google chrome Inappropriate implementation in Tint in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: H… CWE-269
 Improper Privilege Management 		CVE-2026-9918 2026-06-2 03:48 2026-05-29 Show GitHub Exploit DB Packet Storm
4021 4.3 MEDIUM
Network 		google chrome Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) CWE-125
Out-of-bounds Read 		CVE-2026-9919 2026-06-2 03:48 2026-05-29 Show GitHub Exploit DB Packet Storm
4022 3.1 LOW
Network 		google chrome Uninitialized Use in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chr… CWE-457
 Use of Uninitialized Variable 		CVE-2026-9920 2026-06-2 03:48 2026-05-29 Show GitHub Exploit DB Packet Storm
4023 4.3 MEDIUM
Network 		google chrome Uninitialized Use in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin information via a crafted HTML page. (Chromium security severity: High) CWE-457
 Use of Uninitialized Variable 		CVE-2026-9921 2026-06-2 03:48 2026-05-29 Show GitHub Exploit DB Packet Storm
4024 8.8 HIGH
Network 		google chrome Use after free in Skia in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) CWE-416
 Use After Free 		CVE-2026-9923 2026-06-2 03:48 2026-05-29 Show GitHub Exploit DB Packet Storm
4025 8.3 HIGH
Network 		google chrome Heap buffer overflow in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a craf… CWE-122
Heap-based Buffer Overflow 		CVE-2026-9924 2026-06-2 03:47 2026-05-29 Show GitHub Exploit DB Packet Storm
4026 4.3 MEDIUM
Network 		google chrome Inappropriate implementation in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Hig… CWE-200
Information Exposure 		CVE-2026-9929 2026-06-2 03:47 2026-05-29 Show GitHub Exploit DB Packet Storm
4027 4.3 MEDIUM
Network 		google chrome Out of bounds write in Dawn in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Hi… CWE-787
 Out-of-bounds Write 		CVE-2026-9930 2026-06-2 03:47 2026-05-29 Show GitHub Exploit DB Packet Storm
4028 8.3 HIGH
Network 		google chrome Use after free in ANGLE in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… CWE-416
 Use After Free 		CVE-2026-9932 2026-06-2 03:47 2026-05-29 Show GitHub Exploit DB Packet Storm
4029 7.5 HIGH
Network 		google chrome Use after free in WebAppInstalls in Google Chrome on Mac prior to 148.0.7778.216 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a craft… CWE-416
 Use After Free 		CVE-2026-10005 2026-06-2 03:47 2026-05-29 Show GitHub Exploit DB Packet Storm
4030 8.3 HIGH
Network 		google chrome Out of bounds write in GPU in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.… CWE-787
 Out-of-bounds Write 		CVE-2026-9906 2026-06-2 03:47 2026-05-29 Show GitHub Exploit DB Packet Storm
4031 4.3 MEDIUM
Network 		google chrome Out of bounds read in Dawn in Google Chrome on Windows prior to 148.0.7778.216 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) CWE-125
Out-of-bounds Read 		CVE-2026-9907 2026-06-2 03:46 2026-05-29 Show GitHub Exploit DB Packet Storm
4032 6.5 MEDIUM
Network 		google chrome Out of bounds read in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secur… CWE-125
Out-of-bounds Read 		CVE-2026-9908 2026-06-2 03:46 2026-05-29 Show GitHub Exploit DB Packet Storm
4033 4.3 MEDIUM
Network 		google chrome Integer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) CWE-472
 External Control of Assumed-Immutable Web Parameter 		CVE-2026-9911 2026-06-2 03:46 2026-05-29 Show GitHub Exploit DB Packet Storm
4034 6.5 MEDIUM
Network 		google chrome Inappropriate implementation in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML pa… CWE-200
Information Exposure 		CVE-2026-9912 2026-06-2 03:46 2026-05-29 Show GitHub Exploit DB Packet Storm
4035 4.3 MEDIUM
Network 		google chrome Inappropriate implementation in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security… CWE-125
Out-of-bounds Read 		CVE-2026-9913 2026-06-2 03:46 2026-05-29 Show GitHub Exploit DB Packet Storm
4036 8.3 HIGH
Network 		google chrome Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape… CWE-20
 Improper Input Validation  		CVE-2026-9914 2026-06-2 03:46 2026-05-29 Show GitHub Exploit DB Packet Storm
4037 8.3 HIGH
Network 		google chrome Heap buffer overflow in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pa… CWE-122
Heap-based Buffer Overflow 		CVE-2026-9915 2026-06-2 03:46 2026-05-29 Show GitHub Exploit DB Packet Storm
4038 8.3 HIGH
Network 		google chrome Out of bounds write in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag… CWE-787
 Out-of-bounds Write 		CVE-2026-9916 2026-06-2 03:45 2026-05-29 Show GitHub Exploit DB Packet Storm
4039 8.2 HIGH
Network 		- - mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c (specifically INTEGER_oer.c). When parsin… CWE-20
CWE-125
CWE-130
 Improper Input Validation 
Out-of-bounds Read
 Improper Handling of Length Parameter Inconsistency 		CVE-2026-45615 2026-06-2 03:45 2026-05-29 Show GitHub Exploit DB Packet Storm
4040 - -
- - Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback s… CWE-288
CWE-306
Authentication Bypass Using an Alternate Path or Channel
Missing Authentication for Critical Function 		CVE-2026-45577 2026-06-2 03:45 2026-05-30 Show GitHub Exploit DB Packet Storm
4041 5.4 MEDIUM
Network 		- - Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could be bypassed using an IP representation that wasn't nor… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-45660 2026-06-2 03:45 2026-05-30 Show GitHub Exploit DB Packet Storm
4042 8.3 HIGH
Network 		google chrome Use after free in WebMIDI in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … CWE-416
 Use After Free 		CVE-2026-10014 2026-06-2 03:45 2026-05-29 Show GitHub Exploit DB Packet Storm
4043 8.3 HIGH
Network 		google chrome Insufficient validation of untrusted input in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sand… CWE-20
 Improper Input Validation  		CVE-2026-10020 2026-06-2 03:45 2026-05-29 Show GitHub Exploit DB Packet Storm
4044 9.6 CRITICAL
Network 		google chrome Out of bounds write in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: … CWE-787
 Out-of-bounds Write 		CVE-2026-9872 2026-06-2 03:45 2026-05-29 Show GitHub Exploit DB Packet Storm
4045 9.6 CRITICAL
Network 		google chrome Out of bounds read in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity:… CWE-125
Out-of-bounds Read 		CVE-2026-9875 2026-06-2 03:45 2026-05-29 Show GitHub Exploit DB Packet Storm
4046 9.6 CRITICAL
Network 		google chrome Use after free in WebGL in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Cri… CWE-416
 Use After Free 		CVE-2026-9876 2026-06-2 03:44 2026-05-29 Show GitHub Exploit DB Packet Storm
4047 8.3 HIGH
Network 		google chrome Use after free in WebView in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted … CWE-416
 Use After Free 		CVE-2026-9888 2026-06-2 03:44 2026-05-29 Show GitHub Exploit DB Packet Storm
4048 8.3 HIGH
Network 		google chrome Out of bounds read and write in Dawn in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security … CWE-125
CWE-787
Out-of-bounds Read
 Out-of-bounds Write 		CVE-2026-9889 2026-06-2 03:44 2026-05-29 Show GitHub Exploit DB Packet Storm
4049 8.3 HIGH
Network 		google chrome Inappropriate implementation in Skia in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via… CWE-269
 Improper Privilege Management 		CVE-2026-9892 2026-06-2 03:44 2026-05-29 Show GitHub Exploit DB Packet Storm
4050 8.3 HIGH
Network 		google chrome Insufficient validation of untrusted input in GPU in Google Chrome on Android prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandb… CWE-20
 Improper Input Validation  		CVE-2026-9898 2026-06-2 03:44 2026-05-29 Show GitHub Exploit DB Packet Storm