NVD Vulnerability Information Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

Update Date:July 2, 2026, 4:03 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
4901 4.3 MEDIUM
Network
- - DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability. CWE-399
 Resource Management Errors
CVE-2026-41983 2026-06-9 22:34 2026-06-9 Show GitHub Exploit DB Packet Storm
4902 5.2 MEDIUM
Local
- - UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity. CWE-284
Improper Access Control
CVE-2026-41984 2026-06-9 22:34 2026-06-9 Show GitHub Exploit DB Packet Storm
4903 5.1 MEDIUM
Local
- - UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity. CWE-284
Improper Access Control
CVE-2026-41985 2026-06-9 22:34 2026-06-9 Show GitHub Exploit DB Packet Storm
4904 2.4 LOW
Physics
- - Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability. CWE-606
 Unchecked Input for Loop Condition
CVE-2026-41986 2026-06-9 22:34 2026-06-9 Show GitHub Exploit DB Packet Storm
4905 9.0 CRITICAL
Network
- - Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS Agen… CWE-94
Code Injection
CVE-2026-11393 2026-06-9 22:34 2026-06-9 Show GitHub Exploit DB Packet Storm
4906 6.4 MEDIUM
Network
- - The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and o… CWE-79
Cross-site Scripting
CVE-2026-10862 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4907 5.3 MEDIUM
Network
- - A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege v… CWE-266
CWE-272
 Incorrect Privilege Assignment
 Least Privilege Violation
CVE-2026-11620 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4908 4.7 MEDIUM
Network
- - A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulat… CWE-284
CWE-434
Improper Access Control
 Unrestricted Upload of File with Dangerous Type 
CVE-2026-11621 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4909 6.4 MEDIUM
Network
- - The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘location_dir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanit… CWE-79
Cross-site Scripting
CVE-2026-5714 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4910 7.2 HIGH
Network
- - The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanit… CWE-79
Cross-site Scripting
CVE-2026-7556 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4911 6.4 MEDIUM
Network
- - The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 due to insufficient input sa… CWE-79
Cross-site Scripting
CVE-2026-10024 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4912 4.3 MEDIUM
Network
- - The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFo… CWE-352
 Origin Validation Error
CVE-2026-10553 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4913 6.4 MEDIUM
Network
- - The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax) in all versions up to, and including, 1.4 due to insufficient in… CWE-79
Cross-site Scripting
CVE-2026-10738 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4914 6.1 MEDIUM
Network
- - The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter in all versions up to, and including, 1.0.6 due to i… CWE-79
Cross-site Scripting
CVE-2026-11603 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4915 4.5 MEDIUM
Local
- - A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to use after free. Local access is required to approach… CWE-119
CWE-416
Incorrect Access of Indexable Resource ('Range Error') 
 Use After Free
CVE-2026-11623 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4916 6.4 MEDIUM
Network
- - The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the `epaperflip_embed` shortcode in all versions up to, and including, … CWE-79
Cross-site Scripting
CVE-2026-7662 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4917 5.3 MEDIUM
Network
- - The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the `helpfulcrowd_validate_to… CWE-843
Type Confusion
CVE-2026-8499 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4918 6.4 MEDIUM
Network
- - The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is d… CWE-79
Cross-site Scripting
CVE-2026-8841 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4919 6.4 MEDIUM
Network
- - The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute (and other attributes) of the romancart_button shortcode in versions up to, and i… CWE-79
Cross-site Scripting
CVE-2026-8880 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4920 6.4 MEDIUM
Network
- - The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input san… CWE-79
Cross-site Scripting
CVE-2026-8882 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4921 6.4 MEDIUM
Network
- - The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, 1.3. This is due to insufficient input … CWE-79
Cross-site Scripting
CVE-2026-8895 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4922 4.3 MEDIUM
Network
- - The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.… CWE-352
 Origin Validation Error
CVE-2026-8904 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4923 6.4 MEDIUM
Network
- - The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient… CWE-79
Cross-site Scripting
CVE-2026-8883 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4924 4.3 MEDIUM
Network
- - The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rc_o… CWE-352
 Origin Validation Error
CVE-2026-8902 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4925 6.1 MEDIUM
Network
- - The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the process_init() function hook… CWE-352
 Origin Validation Error
CVE-2026-8907 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4926 4.3 MEDIUM
Network
- - The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralS… CWE-352
 Origin Validation Error
CVE-2026-8909 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4927 6.1 MEDIUM
Network
- - The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function… CWE-352
 Origin Validation Error
CVE-2026-8910 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4928 4.3 MEDIUM
Network
- - The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-leve… CWE-352
 Origin Validation Error
CVE-2026-8940 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4929 8.1 HIGH
Network
- - The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the u… CWE-98
 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2026-9662 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4930 6.4 MEDIUM
Network
- - The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninja_gdpr_ajax_actions' AJAX action in versions up to, and including, 1.0.0. This is due to miss… CWE-79
Cross-site Scripting
CVE-2026-8977 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4931 7.5 HIGH
Network
- - The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the `userId` parameter of the `six_storage_g… CWE-639
 Authorization Bypass Through User-Controlled Key
CVE-2026-9185 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4932 8.8 HIGH
Network
- - The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajax_ayi_action() handler only applying str… CWE-269
 Improper Privilege Management
CVE-2026-11616 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4933 6.5 MEDIUM
Network
- - The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding design flaws: (1) the plugin leak… CWE-200
Information Exposure
CVE-2026-7542 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4934 8.8 HIGH
Network
- - The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 database migration in versions up to and incl… CWE-502
 Deserialization of Untrusted Data
CVE-2026-8365 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4935 6.4 MEDIUM
Network
- - The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions … CWE-79
Cross-site Scripting
CVE-2026-8599 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4936 6.4 MEDIUM
Network
- - The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and i… CWE-79
Cross-site Scripting
CVE-2026-8677 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4937 4.3 MEDIUM
Network
- - The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capabi… CWE-862
 Missing Authorization
CVE-2026-4058 2026-06-9 22:33 2026-06-9 Show GitHub Exploit DB Packet Storm
4938 - -
- - In the Linux kernel, the following vulnerability has been resolved: Revert "mm/hugetlbfs: update hugetlbfs to use mmap_prepare" This reverts commit ea52cb24cd3f ("mm/hugetlbfs: update hugetlbfs to … - CVE-2026-46318 2026-06-9 22:16 2026-06-9 Show GitHub Exploit DB Packet Storm
4939 8.0 HIGH
Network
- - VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri… CWE-79
Cross-site Scripting
CVE-2026-41723 2026-06-9 22:16 2026-06-8 Show GitHub Exploit DB Packet Storm
4940 8.0 HIGH
Network
- - VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri… CWE-79
Cross-site Scripting
CVE-2026-41722 2026-06-9 22:16 2026-06-8 Show GitHub Exploit DB Packet Storm
4941 6.5 MEDIUM
Network
google chrome Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via… CWE-284
Improper Access Control
CVE-2026-11190 2026-06-9 21:51 2026-06-5 Show GitHub Exploit DB Packet Storm
4942 6.5 MEDIUM
Network
google chrome Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restricti… CWE-20
 Improper Input Validation 
CVE-2026-11189 2026-06-9 21:51 2026-06-5 Show GitHub Exploit DB Packet Storm
4943 8.8 HIGH
Network
google chrome Out of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security s… CWE-125
Out-of-bounds Read
CVE-2026-11191 2026-06-9 21:50 2026-06-5 Show GitHub Exploit DB Packet Storm
4944 4.3 MEDIUM
Network
google chrome Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium securi… CWE-20
 Improper Input Validation 
CVE-2026-11192 2026-06-9 21:49 2026-06-5 Show GitHub Exploit DB Packet Storm
4945 6.5 MEDIUM
Network
google chrome Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium securit… CWE-284
Improper Access Control
CVE-2026-11193 2026-06-9 21:49 2026-06-5 Show GitHub Exploit DB Packet Storm
4946 - -
- - In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: clear waitid info before copying it to userspace IORING_OP_WAITID stores its result fields in struct io_waitid::… - CVE-2026-46315 2026-06-9 18:16 2026-06-9 Show GitHub Exploit DB Packet Storm
4947 7.1 HIGH
Network
- - A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources… CWE-732
 Incorrect Permission Assignment for Critical Resource
CVE-2026-10840 2026-06-9 18:16 2026-06-4 Show GitHub Exploit DB Packet Storm
4948 6.5 MEDIUM
Network
google chrome Inappropriate implementation in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HT… CWE-20
 Improper Input Validation 
CVE-2026-11023 2026-06-9 12:08 2026-06-5 Show GitHub Exploit DB Packet Storm
4949 8.8 HIGH
Network
google chrome Stack buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium) CWE-121
Stack-based Buffer Overflow
CVE-2026-11024 2026-06-9 12:07 2026-06-5 Show GitHub Exploit DB Packet Storm
4950 6.5 MEDIUM
Network
google chrome Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium securit… CWE-602
 Client-Side Enforcement of Server-Side Security
CVE-2026-11025 2026-06-9 12:07 2026-06-5 Show GitHub Exploit DB Packet Storm