Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 22, 2026, 6:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1071	7.8	重要 Local	マイクロソフト	Microsoft Windows 11 23h2 Microsoft Windows Server 2022 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft&n…	Windows ユニバーサルディスクフォーマットファイルシステムドライバー (UDFS) の特権昇格の脆弱性	CWE-197 数値打ち切り誤差	CVE-2026-40409	2026-06-12 14:54	2026-06-9	Show	GitHub Exploit DB Packet Storm

1072	7.5	重要 Network	VMware	Spring HATEOAS	VMwareのSpring HATEOASにおけるアクセス制御に関する脆弱性	CWE-284 CWE-noinfo	CVE-2026-41006	2026-06-12 14:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

1073	7.5	重要 Network	VMware	Spring HATEOAS	VMwareのSpring HATEOASにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-41007	2026-06-12 14:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

1074	7.8	重要 Local	マイクロソフト	Microsoft Windows 11 23h2 Microsoft Windows Server 2022 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft&n…	Microsoft Kinect の特権昇格の脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-41092	2026-06-12 14:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

1075	7	重要 Local	マイクロソフト	Microsoft Windows 11 23h2 Microsoft Windows Server 2022 Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft&n…	Windows DNS クライアントの特権の昇格の脆弱性	CWE-122 ヒープオーバーフロー	CVE-2026-41108	2026-06-12 14:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

1076	7.5	重要 Network	VMware	Spring Framework	VMwareのSpring Frameworkにおける不十分なランダム値の使用に関する脆弱性	CWE-330 不十分なランダム値の使用	CVE-2026-41838	2026-06-12 14:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

1077	6.1	警告 Network	VMware	Spring Framework	VMwareのSpring Frameworkにおけるオープンリダイレクトの脆弱性	CWE-601 オープンリダイレクト	CVE-2026-41844	2026-06-12 14:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

1078	6.1	警告 Network	VMware	Spring Framework	VMwareのSpring Frameworkにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-41845	2026-06-12 14:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

1079	6.1	警告 Network	VMware	Spring Framework	VMwareのSpring Frameworkにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-41846	2026-06-12 14:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

1080	5.3	警告 Network	VMware	Spring Framework	VMwareのSpring Frameworkにおけるアクセス制御に関する脆弱性	CWE-284 CWE-noinfo	CVE-2026-41847	2026-06-12 14:53	2026-06-9	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 22, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
320511	8.8	HIGH Network	dell	smartfabric_os10	Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A…	CWE-77 Command Injection	CVE-2024-38486	2024-09-14 05:36	2024-09-6	Show	GitHub Exploit DB Packet Storm

320512	7.2	HIGH Network	wedevs	wp_user_frontend	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP User Frontend allows SQL Injection.This issue affects WP User Frontend: from n/a throug…	CWE-89 SQL Injection	CVE-2024-38693	2024-09-14 05:35	2024-08-29	Show	GitHub Exploit DB Packet Storm

320513	5.4	MEDIUM Network	qnap	notes_station_3	A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We hav…	CWE-79 Cross-site Scripting	CVE-2024-27126	2024-09-14 05:31	2024-09-7	Show	GitHub Exploit DB Packet Storm

320514	7.5	HIGH Network	accordors	accord_ors	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data.This issue affects Accord ORS: before 7.3.2.1.	NVD-CWE-noinfo	CVE-2024-1744	2024-09-14 05:30	2024-09-6	Show	GitHub Exploit DB Packet Storm

320515	6.1	MEDIUM Network	br-automation	industrial_automation_aprol	Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may allow a network-based attacker to execute arbitrary JavaScript code in the context of the user's brows…	CWE-79 Cross-site Scripting	CVE-2024-5624	2024-09-14 05:23	2024-08-29	Show	GitHub Exploit DB Packet Storm

320516	7.8	HIGH Local	br-automation	industrial_automation_aprol	An untrusted search path vulnerability in the AprolConfigureCCServices of B&R APROL <= R 4.2.-07P3 and <= R 4.4-00P3 may allow an authenticated local attacker to execute arbitrary code with elevated …	CWE-426 Untrusted Search Path	CVE-2024-5622	2024-09-14 05:21	2024-08-29	Show	GitHub Exploit DB Packet Storm

320517	7.8	HIGH Local	br-automation	industrial_automation_aprol	An untrusted search path vulnerability in B&R APROL <= R 4.4-00P3 may be used by an authenticated local attacker to get other users to execute arbitrary code under their privileges.	CWE-426 Untrusted Search Path	CVE-2024-5623	2024-09-14 05:19	2024-08-29	Show	GitHub Exploit DB Packet Storm

320518	8.8	HIGH Network	portabilis	i-educar	i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A SQL Injection vulnerability was found prior to the 2.9 b…	CWE-89 SQL Injection	CVE-2024-45059	2024-09-14 05:09	2024-08-29	Show	GitHub Exploit DB Packet Storm

320519	8.1	HIGH Network	portabilis	i-educar	i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal vie…	CWE-862 Missing Authorization	CVE-2024-45058	2024-09-14 05:06	2024-08-29	Show	GitHub Exploit DB Packet Storm

320520	6.1	MEDIUM Network	portabilis	i-educar	i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. A Reflected Cross-Site Scripting (XSS) vulnerability was i…	CWE-79 Cross-site Scripting	CVE-2024-45057	2024-09-14 05:03	2024-08-29	Show	GitHub Exploit DB Packet Storm