Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 28, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1111	8.8	重要 Network	Google	Android	GoogleのAndroidにおけるヒープベースのバッファオーバーフローの脆弱性	CWE-122 ヒープオーバーフロー	CVE-2026-0132	2026-06-22 11:31	2026-06-16	Show	GitHub Exploit DB Packet Storm

1112	7.8	重要 Local	Google	Android	GoogleのAndroidにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2026-0133	2026-06-22 11:31	2026-06-16	Show	GitHub Exploit DB Packet Storm

1113	3.3	低 Local	Google	Android	GoogleのAndroidにおけるリソースの安全ではないデフォルト値への初期化に関する脆弱性	CWE-1188 リソースの安全ではないデフォルト値への初期化	CVE-2026-0134	2026-06-22 11:31	2026-06-16	Show	GitHub Exploit DB Packet Storm

1114	7.8	重要 Local	Google	Android	GoogleのAndroidにおける境界外読み取りに関する脆弱性	CWE-125 境界外読み取り	CVE-2026-0135	2026-06-22 11:31	2026-06-16	Show	GitHub Exploit DB Packet Storm

1115	6.5	警告 Network	Google	Android	GoogleのAndroidにおける複数の脆弱性	CWE-120 CWE-125	CVE-2026-0136	2026-06-22 11:31	2026-06-16	Show	GitHub Exploit DB Packet Storm

1116	7.8	重要 Local	Google	Android	GoogleのAndroidにおける解放済みメモリの使用に関する脆弱性	CWE-416 解放済みメモリの使用	CVE-2026-0137	2026-06-22 11:31	2026-06-16	Show	GitHub Exploit DB Packet Storm

1117	7.8	重要 Local	Google	Android	GoogleのAndroidにおける複数の脆弱性	CWE-120 CWE-787	CVE-2026-0138	2026-06-22 11:31	2026-06-16	Show	GitHub Exploit DB Packet Storm

1118	8.8	重要 Network	Google	Android	GoogleのAndroidにおけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2026-0139	2026-06-22 11:30	2026-06-16	Show	GitHub Exploit DB Packet Storm

1119	4.3	警告 Network	Google	Android	GoogleのAndroidにおける複数の脆弱性	CWE-125 CWE-190	CVE-2026-0140	2026-06-22 11:30	2026-06-16	Show	GitHub Exploit DB Packet Storm

1120	4.3	警告 Network	Google	Android	GoogleのAndroidにおける複数の脆弱性	CWE-120 CWE-125	CVE-2026-0141	2026-06-22 11:30	2026-06-16	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1051	4.9	MEDIUM Network	-	-	Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the …	CWE-20 Improper Input Validation	CVE-2025-64719	2026-06-26 06:16	2026-06-25	Show	GitHub Exploit DB Packet Storm

1052	5.5	MEDIUM Local	-	-	Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit	CWE-88 Argument Injection	CVE-2026-11968	2026-06-26 05:21	2026-06-24	Show	GitHub Exploit DB Packet Storm

1053	8.0	HIGH Network	-	-	py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, w…	CWE-59 Link Following	CVE-2026-23879	2026-06-26 05:21	2026-06-25	Show	GitHub Exploit DB Packet Storm

1054	7.2	HIGH Network	-	-	3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by …	CWE-73 External Control of File Name or Path	CVE-2026-55477	2026-06-26 05:21	2026-06-26	Show	GitHub Exploit DB Packet Storm

1055	3.5	LOW Network	-	-	HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario.	CWE-284 CWE-319 Improper Access Control Cleartext Transmission of Sensitive Information	CVE-2025-15619	2026-06-26 05:20	2026-06-24	Show	GitHub Exploit DB Packet Storm

1056	7.6	HIGH Network	-	-	A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's b…	CWE-791 Incomplete Filtering of Special Elements	CVE-2026-11998	2026-06-26 05:20	2026-06-25	Show	GitHub Exploit DB Packet Storm

1057	2.5	LOW Local	cacti	cacti	Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update() can corrupt RRDtool metric value…	CWE-474 Use of Function with Inconsistent Implementations	CVE-2026-39894	2026-06-26 05:19	2026-06-25	Show	GitHub Exploit DB Packet Storm

1058	7.6	HIGH Network	-	-	Twenty is an open-source CRM (customer relationship management) platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference (IDOR) in the AI agent monitor's …	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-55583	2026-06-26 05:18	2026-06-25	Show	GitHub Exploit DB Packet Storm

1059	9.6	CRITICAL Network	-	-	immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting (XSS) vulnerability on the /auth/login page allows a…	CWE-79 CWE-601 Cross-site Scripting Open Redirect	CVE-2026-53662	2026-06-26 05:18	2026-06-24	Show	GitHub Exploit DB Packet Storm

1060	9.0	CRITICAL Network	-	-	LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-54157	2026-06-26 05:18	2026-06-24	Show	GitHub Exploit DB Packet Storm