NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 9, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
151	7.8	HIGH Local	x.org redhat	x_server xwayland enterprise_linux	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow… Update	CWE-121 Stack-based Buffer Overflow	CVE-2026-50256	2026-06-9 01:45	2026-06-5	Show	GitHub Exploit DB Packet Storm

152	4.3	MEDIUM Network	google	chrome	Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Update	CWE-346 Origin Validation Error	CVE-2026-11309	2026-06-9 01:40	2026-06-5	Show	GitHub Exploit DB Packet Storm

153	6.5	MEDIUM Network	team	net\	Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inj… Update	CWE-93 CRLF Injection	CVE-2026-8722	2026-06-9 01:39	2026-06-4	Show	GitHub Exploit DB Packet Storm

154	7.7	HIGH Local	google	chrome	Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to bypass navigation restrictions via a malicious file. (Chromium… Update	CWE-20 Improper Input Validation	CVE-2026-11297	2026-06-9 01:37	2026-06-5	Show	GitHub Exploit DB Packet Storm

155	7.5	HIGH Network	rrwo	net\	Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network range… Update	CWE-674 CWE-1287 Uncontrolled Recursion Improper Validation of Specified Type of Input	CVE-2026-49941	2026-06-9 01:37	2026-06-5	Show	GitHub Exploit DB Packet Storm

156	8.8	HIGH Network	google	chrome	Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severi… Update	CWE-269 Improper Privilege Management	CVE-2026-11295	2026-06-9 01:37	2026-06-5	Show	GitHub Exploit DB Packet Storm

157	7.3	HIGH Network	rrwo	net\	Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One (U+0661), or non-digits, wh… Update	CWE-1289 Improper Validation of Unsafe Equivalence in Input	CVE-2026-49942	2026-06-9 01:37	2026-06-5	Show	GitHub Exploit DB Packet Storm

158	4.3	MEDIUM Network	google	chrome	Inappropriate implementation in Android Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security … Update	CWE-346 Origin Validation Error	CVE-2026-11291	2026-06-9 01:37	2026-06-5	Show	GitHub Exploit DB Packet Storm

159	6.5	MEDIUM Network	rrwo	net\	Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly parsed as numbers. This… Update	CWE-1289 Improper Validation of Unsafe Equivalence in Input	CVE-2026-49940	2026-06-9 01:35	2026-06-5	Show	GitHub Exploit DB Packet Storm

160	7.5	HIGH Network	sanbeg	etsy\	Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inj… Update	CWE-93 CRLF Injection	CVE-2026-46741	2026-06-9 01:33	2026-06-5	Show	GitHub Exploit DB Packet Storm

161	6.5	MEDIUM Network	google	chrome	Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions v… Update	CWE-20 CWE-602 Improper Input Validation Client-Side Enforcement of Server-Side Security	CVE-2026-11287	2026-06-9 01:31	2026-06-5	Show	GitHub Exploit DB Packet Storm

162	5.3	MEDIUM Network	cosimo	net\	Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional st… Update	CWE-93 CRLF Injection	CVE-2026-46739	2026-06-9 01:31	2026-06-5	Show	GitHub Exploit DB Packet Storm

163	7.5	HIGH Network	oalders	html\	HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV retu… Update	CWE-416 Use After Free	CVE-2026-8829	2026-06-9 01:29	2026-06-4	Show	GitHub Exploit DB Packet Storm

164	5.0	MEDIUM Local	google	chrome	Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. (Ch… Update	CWE-472 CWE-190 External Control of Assumed-Immutable Web Parameter Integer Overflow or Wraparound	CVE-2026-11281	2026-06-9 01:27	2026-06-5	Show	GitHub Exploit DB Packet Storm

165	-	-	-	-	Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67. New	CWE-416 Use After Free	CVE-2026-48913	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

166	-	-	-	-	phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attac… New	CWE-328 Use of Weak Hash	CVE-2026-48488	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

167	8.8	HIGH Network	-	-	Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically del… New	CWE-285 CWE-613 Improper Authorization Insufficient Session Expiration	CVE-2026-46656	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

168	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This… New	CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-46478	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

169	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. Thi… New	CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-46477	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

170	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeo… New	CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-46476	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

171	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middlewar… New	CWE-862 Missing Authorization	CVE-2026-46444	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

172	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData… New	CWE-200 Information Exposure	CVE-2026-46443	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

173	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authen… New	CWE-94 Code Injection	CVE-2026-46442	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

174	7.5	HIGH Network	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting a… New	CWE-522 Insufficiently Protected Credentials	CVE-2026-46440	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

175	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use-After-Free (UAF) and Nul… New	-	CVE-2026-46275	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

176	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in io_wq_remove_pending() io_wq_remove_pending() needs to fix up wq->hash_tail[] if t… New	-	CVE-2026-46274	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

177	-	-	-	-	Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to… New	CWE-124 Buffer Underflow	CVE-2026-44631	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

178	-	-	-	-	Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: f… New	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2026-44186	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

179	-	-	-	-	Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are rec… New	CWE-126 Buffer Over-read	CVE-2026-44185	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

180	-	-	-	-	Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTT… New	CWE-269 Improper Privilege Management	CVE-2026-44119	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

181	-	-	-	-	Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. New	CWE-125 Out-of-bounds Read	CVE-2026-43951	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

182	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. T… New	CWE-284 CWE-639 CWE-915 Improper Access Control Authorization Bypass Through User-Controlled Key Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-42861	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

183	5.4	MEDIUM Network	-	-	IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assi… Update	CWE-863 Incorrect Authorization	CVE-2026-42547	2026-06-9 01:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

184	-	-	-	-	Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are re… New	CWE-122 Heap-based Buffer Overflow	CVE-2026-42536	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

185	-	-	-	-	A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. User… New	CWE-668 Exposure of Resource to Wrong Sphere	CVE-2026-42535	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

186	4.7	MEDIUM Network	-	-	Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redir… Update	CWE-602 Client-Side Enforcement of Server-Side Security	CVE-2026-42329	2026-06-9 01:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

187	8.8	HIGH Network	-	-	Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning cod… Update	CWE-59 Link Following	CVE-2026-41236	2026-06-9 01:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

188	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to ca… New	-	CVE-2026-36786	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

189	-	-	-	-	Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are… New	CWE-122 Heap-based Buffer Overflow	CVE-2026-34356	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

190	-	-	-	-	A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue. New	CWE-122 Heap-based Buffer Overflow	CVE-2026-34355	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

191	-	-	-	-	Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation. The product accidenta… New	CWE-468	CVE-2026-34194	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

192	-	-	-	-	A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or revers… New	CWE-79 Cross-site Scripting	CVE-2026-29170	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

193	-	-	-	-	Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to… New	CWE-416 Use After Free	CVE-2026-29167	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

194	-	-	-	-	Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters t… New	CWE-122 Heap-based Buffer Overflow	CVE-2026-22164	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

195	6.3	MEDIUM Network	-	-	A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI… New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-11529	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

196	8.8	HIGH Network	-	-	A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of … New	CWE-119 CWE-121 Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow	CVE-2026-11528	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

197	8.8	HIGH Network	-	-	A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipul… New	CWE-119 CWE-121 Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow	CVE-2026-11524	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

198	8.8	HIGH Network	-	-	A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirror… New	CWE-119 CWE-121 Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow	CVE-2026-11522	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

199	5.5	MEDIUM Adjacent	-	-	A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in b… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-11516	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

200	3.3	LOW Local	-	-	A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to … New	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2026-11459	2026-06-9 01:16	2026-06-7	Show	GitHub Exploit DB Packet Storm