NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 9, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
201	7.3	HIGH Network	-	-	A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation… New	CWE-74 CWE-77 Injection Command Injection	CVE-2026-11450	2026-06-9 01:16	2026-06-7	Show	GitHub Exploit DB Packet Storm

202	4.7	MEDIUM Network	-	-	A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument ku… New	CWE-74 CWE-77 Injection Command Injection	CVE-2026-11448	2026-06-9 01:16	2026-06-7	Show	GitHub Exploit DB Packet Storm

203	6.5	MEDIUM Network	-	-	Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium securit… Update	CWE-457 Use of Uninitialized Variable	CVE-2026-11123	2026-06-9 01:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

204	6.1	MEDIUM Network	-	-	Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security sever… Update	CWE-358 Improperly Implemented Security Check for Standard	CVE-2026-11122	2026-06-9 01:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

205	6.5	MEDIUM Network	-	-	Insufficient validation of untrusted input in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted H… Update	CWE-20 Improper Input Validation	CVE-2026-11121	2026-06-9 01:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

206	9.6	CRITICAL Network	google	chrome	Insufficient validation of untrusted input in Enterprise Reporting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a … Update	CWE-20 Improper Input Validation	CVE-2026-11120	2026-06-9 01:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

207	7.2	HIGH Network	-	-	A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to … Update	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-10870	2026-06-9 01:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

208	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in conc… New	-	CVE-2025-71315	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

209	6.5	MEDIUM Network	-	-	OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account c… New	CWE-348 Use of Less Trusted Source	CVE-2020-37248	2026-06-9 01:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

210	4.8	MEDIUM Network	checkmk	checkmk	Stored cross-site scripting in the global settings change log in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicio… New	CWE-79 Cross-site Scripting	CVE-2026-8078	2026-06-9 00:53	2026-06-8	Show	GitHub Exploit DB Packet Storm

211	5.4	MEDIUM Network	checkmk	checkmk	Stored cross-site scripting in the URL dashboard widget in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a danger… New	CWE-79 Cross-site Scripting	CVE-2026-7186	2026-06-9 00:53	2026-06-8	Show	GitHub Exploit DB Packet Storm

212	4.8	MEDIUM Network	checkmk	checkmk	Stored cross-site scripting in the service discovery active check output in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom c… New	CWE-79 Cross-site Scripting	CVE-2026-9549	2026-06-9 00:53	2026-06-8	Show	GitHub Exploit DB Packet Storm

213	9.6	CRITICAL Network	google	chrome	Insufficient validation of untrusted input in SiteIsolation in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perfor… Update	CWE-20 Improper Input Validation	CVE-2026-11056	2026-06-9 00:52	2026-06-5	Show	GitHub Exploit DB Packet Storm

214	6.5	MEDIUM Network	google	chrome	Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity:… Update	CWE-20 Improper Input Validation	CVE-2026-11069	2026-06-9 00:52	2026-06-5	Show	GitHub Exploit DB Packet Storm

215	9.6	CRITICAL Network	google	chrome	Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the network process to potentially perform a … Update	CWE-20 Improper Input Validation	CVE-2026-11070	2026-06-9 00:52	2026-06-5	Show	GitHub Exploit DB Packet Storm

216	8.8	HIGH Network	google	chrome	Use after free in Base in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process mem… Update	CWE-416 Use After Free	CVE-2026-11071	2026-06-9 00:51	2026-06-5	Show	GitHub Exploit DB Packet Storm

217	7.8	HIGH Local	google	chrome	Use after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: Medium) Update	CWE-416 Use After Free	CVE-2026-11072	2026-06-9 00:51	2026-06-5	Show	GitHub Exploit DB Packet Storm

218	6.5	MEDIUM Network	google	chrome	Use after free in WebGL in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security s… Update	CWE-416 Use After Free	CVE-2026-11073	2026-06-9 00:51	2026-06-5	Show	GitHub Exploit DB Packet Storm

219	6.5	MEDIUM Network	google	chrome	Out of bounds read in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security … Update	CWE-125 Out-of-bounds Read	CVE-2026-11075	2026-06-9 00:51	2026-06-5	Show	GitHub Exploit DB Packet Storm

220	6.5	MEDIUM Network	google	chrome	Inappropriate implementation in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML p… Update	CWE-20 CWE-284 Improper Input Validation Improper Access Control	CVE-2026-11078	2026-06-9 00:51	2026-06-5	Show	GitHub Exploit DB Packet Storm

221	6.5	MEDIUM Network	google	chrome	Inappropriate implementation in Printing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. … Update	CWE-20 Improper Input Validation	CVE-2026-11093	2026-06-9 00:51	2026-06-5	Show	GitHub Exploit DB Packet Storm

222	9.6	CRITICAL Network	google	chrome	Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… Update	CWE-416 Use After Free	CVE-2026-11094	2026-06-9 00:51	2026-06-5	Show	GitHub Exploit DB Packet Storm

223	9.9	CRITICAL Network	termix	termix	Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in Termix is v… Update	CWE-78 OS Command	CVE-2026-45744	2026-06-9 00:25	2026-06-6	Show	GitHub Exploit DB Packet Storm

224	9.6	CRITICAL Network	guardrailsai	guardrails_ai	Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. … Update	CWE-506 Embedded Malicious Code	CVE-2026-45758	2026-06-9 00:22	2026-06-6	Show	GitHub Exploit DB Packet Storm

225	7.8	HIGH Local	bitdefender	napoca	Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler comput… Update	CWE-787 Out-of-bounds Write	CVE-2026-10046	2026-06-9 00:18	2026-06-3	Show	GitHub Exploit DB Packet Storm

226	7.8	HIGH Local	bitdefender	napoca	The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled S… Update	CWE-787 Out-of-bounds Write	CVE-2026-10047	2026-06-9 00:17	2026-06-3	Show	GitHub Exploit DB Packet Storm

227	5.8	MEDIUM Network	-	-	On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is … Update	CWE-1023 Incomplete Comparison with Missing Factors	CVE-2026-7473	2026-06-9 00:16	2026-06-6	Show	GitHub Exploit DB Packet Storm

228	7.0	HIGH Local	-	-	Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292 Update	-	CVE-2026-50265	2026-06-9 00:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

229	-	-	-	-	When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes. New	CWE-755 Improper Handling of Exceptional Conditions	CVE-2026-49235	2026-06-9 00:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

230	-	-	-	-	When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted n… New	CWE-20 Improper Input Validation	CVE-2026-49234	2026-06-9 00:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

231	-	-	-	-	Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name … New	CWE-22 Path Traversal	CVE-2026-49233	2026-06-9 00:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

232	-	-	-	-	Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously … New	CWE-755 Improper Handling of Exceptional Conditions	CVE-2026-49232	2026-06-9 00:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

233	-	-	-	-	Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Prot… New	CWE-841 Improper Enforcement of Behavioral Workflow	CVE-2026-43974	2026-06-9 00:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

234	-	-	-	-	Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gun_http:handle/5,… New	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-43973	2026-06-9 00:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

235	-	-	-	-	Origin Validation Error vulnerability in ninenines gun (gun_http2 module) allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority. In gun_http2:push_promise_frame/7, the :… New	CWE-346 Origin Validation Error	CVE-2026-43972	2026-06-9 00:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

236	7.5	HIGH Network	-	-	bacnet_stack 1.3.1 contains an Out-of-bounds Read in bacnet_tag_number_decode which allows attackers to cause a denial of service. Update	CWE-125 Out-of-bounds Read	CVE-2026-38570	2026-06-9 00:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

237	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulne… New	-	CVE-2026-36789	2026-06-9 00:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

238	9.8	CRITICAL Network	-	-	GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack. Update	CWE-328 Use of Weak Hash	CVE-2026-36182	2026-06-9 00:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

239	4.6	MEDIUM Physics	-	-	A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot sessi… Update	-	CVE-2026-36180	2026-06-9 00:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

240	4.6	MEDIUM Physics	-	-	GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtai… Update	CWE-256 Plaintext Storage of a Password	CVE-2026-36174	2026-06-9 00:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

241	9.8	CRITICAL Network	-	-	T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account. Update	CWE-259 Use of Hard-coded Password	CVE-2026-35905	2026-06-9 00:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

242	9.8	CRITICAL Network	-	-	Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via … Update	CWE-284 Improper Access Control	CVE-2026-35904	2026-06-9 00:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

243	8.4	HIGH Local	-	-	clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation. New	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2026-26422	2026-06-9 00:16	2026-06-7	Show	GitHub Exploit DB Packet Storm

244	4.8	MEDIUM Network	-	-	QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG f… New	CWE-79 Cross-site Scripting	CVE-2026-25558	2026-06-9 00:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

245	6.3	MEDIUM Network	-	-	A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/c… New	CWE-266 CWE-285 Incorrect Privilege Assignment Improper Authorization	CVE-2026-11521	2026-06-9 00:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

246	3.5	LOW Network	-	-	A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It i… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-11520	2026-06-9 00:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

247	6.3	MEDIUM Network	-	-	A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the comp… New	CWE-266 CWE-285 Incorrect Privilege Assignment Improper Authorization	CVE-2026-11519	2026-06-9 00:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

248	4.3	MEDIUM Network	-	-	A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument f… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-11518	2026-06-9 00:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

249	8.8	HIGH Network	-	-	A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupNam… New	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-11517	2026-06-9 00:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

250	3.5	LOW Network	-	-	A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a ma… New	CWE-74 CWE-80 Injection Basic XSS	CVE-2026-11511	2026-06-9 00:16	2026-06-8	Show	GitHub Exploit DB Packet Storm