Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1211	8.1	重要 Network	OpenClaw	OpenClaw	OpenClawにおけるスプーフィングによる認証回避に関する脆弱性	CWE-290 スプーフィングによる認証回避	CVE-2026-53849	2026-06-22 11:48	2026-06-16	Show	GitHub Exploit DB Packet Storm

1212	5.5	警告 Local	OpenClaw	OpenClaw	OpenClawにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2026-53850	2026-06-22 11:48	2026-06-16	Show	GitHub Exploit DB Packet Storm

1213	5.3	警告 Network	OpenClaw	OpenClaw	OpenClawにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2026-53851	2026-06-22 11:48	2026-06-16	Show	GitHub Exploit DB Packet Storm

1214	5.4	警告 Network	OpenClaw	OpenClaw	OpenClawにおける安全でない失敗処理に関する脆弱性	CWE-636 安全でない失敗処理	CVE-2026-53852	2026-06-22 11:48	2026-06-16	Show	GitHub Exploit DB Packet Storm

1215	8.3	重要 Network	OpenClaw	OpenClaw	OpenClawにおける複数の脆弱性	CWE-693 CWE-863	CVE-2026-53853	2026-06-22 11:48	2026-06-16	Show	GitHub Exploit DB Packet Storm

1216	6.5	警告 Network	OpenClaw	OpenClaw	OpenClawにおける不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2026-53854	2026-06-22 11:48	2026-06-16	Show	GitHub Exploit DB Packet Storm

1217	8.1	重要 Network	OpenClaw	OpenClaw	OpenClawにおける複数の脆弱性	CWE-184 CWE-863	CVE-2026-53855	2026-06-22 11:47	2026-06-16	Show	GitHub Exploit DB Packet Storm

1218	5.5	警告 Local	OpenClaw	OpenClaw	OpenClawにおける重要なリソースに対する不適切なパーミッションの割り当てに関する脆弱性	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2026-53856	2026-06-22 11:47	2026-06-16	Show	GitHub Exploit DB Packet Storm

1219	8.1	重要 Network	OpenClaw	OpenClaw	OpenClawにおけるスプーフィングによる認証回避に関する脆弱性	CWE-290 スプーフィングによる認証回避	CVE-2026-53857	2026-06-22 11:47	2026-06-16	Show	GitHub Exploit DB Packet Storm

1220	7.1	重要 Local	OpenClaw	OpenClaw	OpenClawにおける信頼できない検索パスに関する脆弱性	CWE-426 信頼性のない検索パス	CVE-2026-53858	2026-06-22 11:47	2026-06-16	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1051	4.9	MEDIUM Network	-	-	Gogs is an open source self-hosted Git service. Prior to 0.14.3, a malicious user with rights to create a new file on a repository or wiki page can trigger a denial of service condition in which the …	CWE-20 Improper Input Validation	CVE-2025-64719	2026-06-26 06:16	2026-06-25	Show	GitHub Exploit DB Packet Storm

1052	5.5	MEDIUM Local	-	-	Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit	CWE-88 Argument Injection	CVE-2026-11968	2026-06-26 05:21	2026-06-24	Show	GitHub Exploit DB Packet Storm

1053	8.0	HIGH Network	-	-	py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, w…	CWE-59 Link Following	CVE-2026-23879	2026-06-26 05:21	2026-06-25	Show	GitHub Exploit DB Packet Storm

1054	7.2	HIGH Network	-	-	3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by …	CWE-73 External Control of File Name or Path	CVE-2026-55477	2026-06-26 05:21	2026-06-26	Show	GitHub Exploit DB Packet Storm

1055	3.5	LOW Network	-	-	HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to view data in a single specific scenario.	CWE-284 CWE-319 Improper Access Control Cleartext Transmission of Sensitive Information	CVE-2025-15619	2026-06-26 05:20	2026-06-24	Show	GitHub Exploit DB Packet Storm

1056	7.6	HIGH Network	-	-	A flaw in AngularJS' Strict Contextual Escaping (SCE) logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's b…	CWE-791 Incomplete Filtering of Special Elements	CVE-2026-11998	2026-06-26 05:20	2026-06-25	Show	GitHub Exploit DB Packet Storm

1057	2.5	LOW Local	cacti	cacti	Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update() can corrupt RRDtool metric value…	CWE-474 Use of Function with Inconsistent Implementations	CVE-2026-39894	2026-06-26 05:19	2026-06-25	Show	GitHub Exploit DB Packet Storm

1058	7.6	HIGH Network	-	-	Twenty is an open-source CRM (customer relationship management) platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference (IDOR) in the AI agent monitor's …	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-55583	2026-06-26 05:18	2026-06-25	Show	GitHub Exploit DB Packet Storm

1059	9.6	CRITICAL Network	-	-	immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting (XSS) vulnerability on the /auth/login page allows a…	CWE-79 CWE-601 Cross-site Scripting Open Redirect	CVE-2026-53662	2026-06-26 05:18	2026-06-24	Show	GitHub Exploit DB Packet Storm

1060	9.0	CRITICAL Network	-	-	LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-54157	2026-06-26 05:18	2026-06-24	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed