NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 30, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
4551	7.5	HIGH Network	google	chrome	Use after free in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Exte…	CWE-416 Use After Free	CVE-2026-11644	2026-06-9 23:57	2026-06-9	Show	GitHub Exploit DB Packet Storm

4552	8.1	HIGH Network	google	chrome	Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)	CWE-416 Use After Free	CVE-2026-11643	2026-06-9 23:57	2026-06-9	Show	GitHub Exploit DB Packet Storm

4553	8.8	HIGH Network	flowiseai	flowise	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover.…	CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-46480	2026-06-9 23:57	2026-06-9	Show	GitHub Exploit DB Packet Storm

4554	8.8	HIGH Network	google	chrome	Use after free in ViewTransitions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H…	CWE-416 Use After Free	CVE-2026-11646	2026-06-9 23:56	2026-06-9	Show	GitHub Exploit DB Packet Storm

4555	6.8	MEDIUM Physics	google	chrome	Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. (Chromium security severity: Critic…	CWE-416 Use After Free	CVE-2026-11628	2026-06-9 23:54	2026-06-9	Show	GitHub Exploit DB Packet Storm

4556	8.8	HIGH Network	google	chrome	Use after free in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)	CWE-416 Use After Free	CVE-2026-11674	2026-06-9 23:54	2026-06-9	Show	GitHub Exploit DB Packet Storm

4557	8.8	HIGH Network	google	chrome	Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi…	CWE-416 Use After Free	CVE-2026-11673	2026-06-9 23:54	2026-06-9	Show	GitHub Exploit DB Packet Storm

4558	9.6	CRITICAL Network	google	chrome	Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)	CWE-416 Use After Free	CVE-2026-11671	2026-06-9 23:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

4559	8.8	HIGH Network	google	chrome	Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High)	CWE-416 Use After Free	CVE-2026-11670	2026-06-9 23:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

4560	7.5	HIGH Network	google	chrome	Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the GPU process to potentially exploit heap corruption via a crafted HTML page. (Ch…	CWE-125 Out-of-bounds Read	CVE-2026-11667	2026-06-9 23:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

4561	7.5	HIGH Network	google	chrome	Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via…	CWE-125 CWE-787 Out-of-bounds Read Out-of-bounds Write	CVE-2026-11690	2026-06-9 23:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

4562	8.8	HIGH Network	google	chrome	Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)	CWE-416 Use After Free	CVE-2026-11683	2026-06-9 23:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

4563	8.8	HIGH Network	google	chrome	Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: …	CWE-416 Use After Free	CVE-2026-11680	2026-06-9 23:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

4564	8.3	HIGH Network	google	chrome	Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted H…	CWE-416 Use After Free	CVE-2026-11679	2026-06-9 23:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

4565	5.3	MEDIUM Network	google	chrome	Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory …	CWE-472 External Control of Assumed-Immutable Web Parameter	CVE-2026-11678	2026-06-9 23:52	2026-06-9	Show	GitHub Exploit DB Packet Storm

4566	8.3	HIGH Network	google	chrome	Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to potentially perform a sandbox escape via a crafted HTML page. (Chr…	CWE-362 Race Condition	CVE-2026-11677	2026-06-9 23:52	2026-06-9	Show	GitHub Exploit DB Packet Storm

4567	3.1	LOW Network	google	chrome	Out of bounds read in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium sec…	CWE-20 Improper Input Validation	CVE-2026-11675	2026-06-9 23:52	2026-06-9	Show	GitHub Exploit DB Packet Storm

4568	8.8	HIGH Network	google	chrome	Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)	CWE-416 Use After Free	CVE-2026-11629	2026-06-9 23:52	2026-06-9	Show	GitHub Exploit DB Packet Storm

4569	7.5	HIGH Network	google	chrome	Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HT…	CWE-416 Use After Free	CVE-2026-11694	2026-06-9 23:52	2026-06-9	Show	GitHub Exploit DB Packet Storm

4570	8.8	HIGH Network	google	chrome	Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:…	CWE-94 Code Injection	CVE-2026-11688	2026-06-9 23:52	2026-06-9	Show	GitHub Exploit DB Packet Storm

4571	8.8	HIGH Network	google	chrome	Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	CWE-416 Use After Free	CVE-2026-11687	2026-06-9 23:52	2026-06-9	Show	GitHub Exploit DB Packet Storm

4572	3.1	LOW Network	google	chrome	Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a…	CWE-20 Improper Input Validation	CVE-2026-11686	2026-06-9 23:52	2026-06-9	Show	GitHub Exploit DB Packet Storm

4573	4.3	MEDIUM Network	google	chrome	Inappropriate implementation in MediaCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: …	CWE-20 Improper Input Validation	CVE-2026-11685	2026-06-9 23:51	2026-06-9	Show	GitHub Exploit DB Packet Storm

4574	3.1	LOW Network	google	chrome	Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page…	CWE-693 Protection Mechanism Failure	CVE-2026-11684	2026-06-9 23:51	2026-06-9	Show	GitHub Exploit DB Packet Storm

4575	8.3	HIGH Network	google	chrome	Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. …	CWE-416 Use After Free	CVE-2026-11700	2026-06-9 23:51	2026-06-9	Show	GitHub Exploit DB Packet Storm

4576	8.8	HIGH Network	google	chrome	Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	CWE-416 Use After Free	CVE-2026-11699	2026-06-9 23:51	2026-06-9	Show	GitHub Exploit DB Packet Storm

4577	9.6	CRITICAL Network	google	chrome	Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security…	CWE-20 Improper Input Validation	CVE-2026-11697	2026-06-9 23:51	2026-06-9	Show	GitHub Exploit DB Packet Storm

4578	5.3	MEDIUM Network	google	chrome	Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from proc…	CWE-457 Use of Uninitialized Variable	CVE-2026-11696	2026-06-9 23:51	2026-06-9	Show	GitHub Exploit DB Packet Storm

4579	4.3	MEDIUM Network	google	chrome	Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)	CWE-693 Protection Mechanism Failure	CVE-2026-11695	2026-06-9 23:50	2026-06-9	Show	GitHub Exploit DB Packet Storm

4580	8.8	HIGH Network	google	chrome	Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	CWE-416 Use After Free	CVE-2026-11698	2026-06-9 23:50	2026-06-9	Show	GitHub Exploit DB Packet Storm

4581	5.3	MEDIUM Network	checkmk	checkmk	Incorrect authorization in the User Messages dashboard widget in Checkmk <2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing a…	CWE-863 Incorrect Authorization	CVE-2026-7765	2026-06-9 23:49	2026-06-8	Show	GitHub Exploit DB Packet Storm

4582	5.4	MEDIUM Network	checkmk	checkmk	Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validati…	CWE-79 Cross-site Scripting	CVE-2026-8833	2026-06-9 23:49	2026-06-8	Show	GitHub Exploit DB Packet Storm

4583	-	-	-	-	The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the render…	CWE-749 Exposed Dangerous Method or Function	CVE-2026-47899	2026-06-9 23:47	2026-06-9	Show	GitHub Exploit DB Packet Storm

4584	-	-	-	-	Logseq is vulnerable to a stored cross-site scripting (XSS). A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, which is rendered using "innerHTML" wi…	CWE-79 Cross-site Scripting	CVE-2026-47900	2026-06-9 23:47	2026-06-9	Show	GitHub Exploit DB Packet Storm

4585	-	-	-	-	Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Du…	CWE-79 Cross-site Scripting	CVE-2026-47901	2026-06-9 23:47	2026-06-9	Show	GitHub Exploit DB Packet Storm

4586	-	-	-	-	Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory ex…	CWE-400 Uncontrolled Resource Consumption	CVE-2026-49762	2026-06-9 23:47	2026-06-9	Show	GitHub Exploit DB Packet Storm

4587	9.8	CRITICAL Network	-	-	Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: from 2.10.1.0 befor…	CWE-89 SQL Injection	CVE-2026-7486	2026-06-9 23:47	2026-06-9	Show	GitHub Exploit DB Packet Storm

4588	-	-	-	-	Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name (e.g. `git`, `pandoc`, `grep`), the argument string is concaten…	CWE-78 OS Command	CVE-2026-9279	2026-06-9 23:47	2026-06-9	Show	GitHub Exploit DB Packet Storm

4589	8.8	HIGH Network	google	chrome	Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)	CWE-416 Use After Free	CVE-2026-11630	2026-06-9 23:47	2026-06-9	Show	GitHub Exploit DB Packet Storm

4590	8.3	HIGH Network	google	chrome	Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…	CWE-416 Use After Free	CVE-2026-11631	2026-06-9 23:45	2026-06-9	Show	GitHub Exploit DB Packet Storm

4591	3.3	LOW Network	-	-	A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precis…	CWE-122 Heap-based Buffer Overflow	CVE-2026-11792	2026-06-9 23:42	2026-06-9	Show	GitHub Exploit DB Packet Storm

4592	9.6	CRITICAL Network	google	chrome	Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)	CWE-416 Use After Free	CVE-2026-11165	2026-06-9 23:24	2026-06-5	Show	GitHub Exploit DB Packet Storm

4593	9.8	CRITICAL Network	-	-	A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the head…	CWE-170 CWE-787 Improper Null Termination Out-of-bounds Write	CVE-2026-5067	2026-06-9 23:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

4594	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two min_region_sz on damon_start() Commit d8f867fa0825 ("mm/damon: add damon_ctx->min_sz_reg…	-	CVE-2026-52905	2026-06-9 23:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

4595	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkm_device leak on aperture removal failure When aperture_remove_conflicting_pci_devices() fails during probe, …	-	CVE-2026-52904	2026-06-9 23:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

4596	5.3	MEDIUM Network	-	-	The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads a…	CWE-862 Missing Authorization	CVE-2026-4986	2026-06-9 23:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

4597	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed ou…	-	CVE-2026-46329	2026-06-9 23:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

4598	6.1	MEDIUM Network	-	-	Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parame…	CWE-79 Cross-site Scripting	CVE-2026-38579	2026-06-9 23:16	2026-06-6	Show	GitHub Exploit DB Packet Storm

4599	-	-	-	-	A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve pr…	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-2638	2026-06-9 23:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

4600	8.3	HIGH Network	-	-	Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…	CWE-472 External Control of Assumed-Immutable Web Parameter	CVE-2026-11640	2026-06-9 23:16	2026-06-9	Show	GitHub Exploit DB Packet Storm