NVD Vulnerability Information Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

Update Date:July 1, 2026, 4:27 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
4651 8.0 HIGH
Network
- - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Live Share Canvas SDK allows an authorized attacker to elevate privileges over a network. CWE-79
Cross-site Scripting
CVE-2026-45644 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4652 7.5 HIGH
Network
- - Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. CWE-125
Out-of-bounds Read
CVE-2026-45639 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4653 7.5 HIGH
Network
- - Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. CWE-400
 Uncontrolled Resource Consumption
CVE-2026-45591 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4654 7.5 HIGH
Network
- - Improper control of generation of code ('code injection') in Microsoft Exchange Server allows an unauthorized attacker to execute code over a network. CWE-94
Code Injection
CVE-2026-45583 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4655 6.1 MEDIUM
Network
- - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. CWE-79
Cross-site Scripting
CVE-2026-45500 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4656 6.2 MEDIUM
Local
- - Improper link resolution before file access ('link following') in .NET allows an unauthorized attacker to perform tampering locally. CWE-59
Link Following
CVE-2026-45491 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4657 7.8 HIGH
Local
- - Improper authorization in .NET allows an authorized attacker to elevate privileges locally. CWE-285
Improper Authorization
CVE-2026-45490 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4658 4.6 MEDIUM
Network
- - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Project Server allows an authorized attacker to perform spoofing over a network. CWE-79
Cross-site Scripting
CVE-2026-45483 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4659 8.4 HIGH
Local
- - Improper limitation of a pathname to a restricted directory ('path traversal') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. CWE-22
Path Traversal
CVE-2026-45482 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4660 8.2 HIGH
Local
- - Use after free in Linux MANA Driver allows an authorized attacker to elevate privileges locally. CWE-416
 Use After Free
CVE-2026-45476 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4661 7.8 HIGH
Local
- - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. CWE-122
Heap-based Buffer Overflow
CVE-2026-45475 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4662 8.4 HIGH
Local
- - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. CWE-416
 Use After Free
CVE-2026-45474 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4663 8.4 HIGH
Local
- - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. CWE-416
 Use After Free
CVE-2026-45472 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4664 7.8 HIGH
Local
- - Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. CWE-822
 Untrusted Pointer Dereference
CVE-2026-45471 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4665 3.3 LOW
Local
- - Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally. CWE-122
Heap-based Buffer Overflow
CVE-2026-45466 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4666 8.4 HIGH
Local
- - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. CWE-121
CWE-191
Stack-based Buffer Overflow
 Integer Underflow (Wrap or Wraparound)
CVE-2026-45463 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4667 8.4 HIGH
Local
- - Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. CWE-416
 Use After Free
CVE-2026-45461 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4668 4.7 MEDIUM
Local
- - Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. CWE-126
 Buffer Over-read
CVE-2026-45460 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4669 3.3 LOW
Local
- - Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. CWE-125
Out-of-bounds Read
CVE-2026-45455 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4670 7.8 HIGH
Local
- - Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. CWE-197
CWE-416
 Numeric Truncation Error
 Use After Free
CVE-2026-44823 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4671 7.8 HIGH
Local
- - Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. CWE-190
 Integer Overflow or Wraparound
CVE-2026-44812 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4672 7.8 HIGH
Local
- - Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. CWE-190
 Integer Overflow or Wraparound
CVE-2026-44803 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4673 7.5 HIGH
Network
- - Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. CWE-362
CWE-416
Race Condition
 Use After Free
CVE-2026-42913 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4674 7.5 HIGH
Network
- - Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. CWE-125
Out-of-bounds Read
CVE-2026-42908 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4675 8.4 HIGH
Network
- - Improper neutralization of input during web page generation ('cross-site scripting') in Azure Stack Edge allows an authorized attacker to perform spoofing over a network. CWE-79
Cross-site Scripting
CVE-2026-41098 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4676 8.8 HIGH
Network
- - Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network. CWE-280
Improper Handling of Insufficient Permissions or Privileges 
CVE-2026-40371 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4677 8.8 HIGH
Local
- - Improper limitation of a pathname to a restricted directory ('path traversal') in Microsoft Azure Kubernetes Service allows an authorized attacker to execute code locally. CWE-22
Path Traversal
CVE-2026-32193 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4678 4.8 MEDIUM
Adjacent
- - A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website. CWE-601
Open Redirect
CVE-2026-28301 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4679 9.8 CRITICAL
Network
- - Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network. CWE-502
 Deserialization of Untrusted Data
CVE-2026-26142 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4680 7.3 HIGH
Local
- - NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering… CWE-129
 Improper Validation of Array Index
CVE-2026-24181 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4681 7.3 HIGH
Local
- - NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering… CWE-122
Heap-based Buffer Overflow
CVE-2026-24180 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4682 8.1 HIGH
Network
- - Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability in the privileged helper service. The helper validates connecting XPC clients using the clien… CWE-367
 Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-24065 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4683 7.8 HIGH
Local
- - Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability. CWE-22
Path Traversal
CVE-2026-22926 2026-06-10 02:17 2026-06-10 Show GitHub Exploit DB Packet Storm
4684 7.3 HIGH
Network
- - A security flaw has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin_login.php of the com… CWE-74
CWE-89
Injection
SQL Injection
CVE-2026-11531 2026-06-10 02:17 2026-06-9 Show GitHub Exploit DB Packet Storm
4685 4.3 MEDIUM
Network
- - A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least p… CWE-266
CWE-272
 Incorrect Privilege Assignment
 Least Privilege Violation
CVE-2026-11494 2026-06-10 02:17 2026-06-8 Show GitHub Exploit DB Packet Storm
4686 - -
- - Two endpoints in the Vault Service ScriptsController, shared by Altium Enterprise Server and Altium 365, accept file uploads where a user-supplied filename component is used to construct the destinat… CWE-22
CWE-306
Path Traversal
Missing Authentication for Critical Function
CVE-2026-11429 2026-06-10 02:17 2026-06-6 Show GitHub Exploit DB Packet Storm
4687 8.8 HIGH
Network
- - A security vulnerability has been detected in JingDong JD Cloud Box AX6600 4.5.3.r4546. The impacted element is the function set_macfilter of the file /sbin/jdcweb_rpc. The manipulation leads to stac… CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error') 
Stack-based Buffer Overflow
CVE-2026-11413 2026-06-10 02:17 2026-06-6 Show GitHub Exploit DB Packet Storm
4688 6.3 MEDIUM
Network
- - A vulnerability has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected is an unknown function of the file … CWE-266
CWE-285
 Incorrect Privilege Assignment
Improper Authorization
CVE-2026-11336 2026-06-10 02:17 2026-06-6 Show GitHub Exploit DB Packet Storm
4689 9.1 CRITICAL
Network
- - Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C,… CWE-362
Race Condition
CVE-2025-10263 2026-06-10 02:16 2026-06-9 Show GitHub Exploit DB Packet Storm
4690 7.5 HIGH
Network
google chrome Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page.… CWE-416
 Use After Free
CVE-2026-11632 2026-06-10 01:58 2026-06-9 Show GitHub Exploit DB Packet Storm
4691 8.8 HIGH
Network
google chrome Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: Critical) CWE-416
 Use After Free
CVE-2026-11633 2026-06-10 01:57 2026-06-9 Show GitHub Exploit DB Packet Storm
4692 9.6 CRITICAL
Network
google chrome Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: C… CWE-416
 Use After Free
CVE-2026-11634 2026-06-10 01:56 2026-06-9 Show GitHub Exploit DB Packet Storm
4693 8.3 HIGH
Network
google chrome Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… CWE-416
 Use After Free
CVE-2026-11635 2026-06-10 01:56 2026-06-9 Show GitHub Exploit DB Packet Storm
4694 7.5 HIGH
Network
google chrome Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption … CWE-416
 Use After Free
CVE-2026-11636 2026-06-10 01:50 2026-06-9 Show GitHub Exploit DB Packet Storm
4695 8.8 HIGH
Network
google chrome Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) CWE-416
 Use After Free
CVE-2026-11637 2026-06-10 01:49 2026-06-9 Show GitHub Exploit DB Packet Storm
4696 8.8 HIGH
Network
samlify_project samlify samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:Attribut… CWE-91
Blind XPath Injection
CVE-2026-46490 2026-06-10 01:48 2026-06-9 Show GitHub Exploit DB Packet Storm
4697 7.1 HIGH
Network
snipeitapp snipe-it Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the … CWE-863
 Incorrect Authorization
CVE-2026-48507 2026-06-10 01:41 2026-06-9 Show GitHub Exploit DB Packet Storm
4698 9.8 CRITICAL
Network
apache http_server Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to… CWE-416
 Use After Free
CVE-2026-29167 2026-06-10 01:29 2026-06-9 Show GitHub Exploit DB Packet Storm
4699 6.1 MEDIUM
Network
apache http_server A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or revers… CWE-79
Cross-site Scripting
CVE-2026-29170 2026-06-10 01:21 2026-06-9 Show GitHub Exploit DB Packet Storm
4700 7.5 HIGH
Network
apache http_server A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue. CWE-122
Heap-based Buffer Overflow
CVE-2026-34355 2026-06-10 01:20 2026-06-9 Show GitHub Exploit DB Packet Storm