Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 29, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
131291 9.8 緊急
Network 		Zoho Corporation ManageEngine EventLog Analyzer Zoho ManageEngine Eventlog Analyzer におけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2021-28959 2022-01-6 16:21 2021-04-30 Show GitHub Exploit DB Packet Storm
131292 6.5 警告
Adjacent 		シスコシステムズ Cisco IOS XE Cisco IOS XE における範囲外のポインタオフセットの使用に関する脆弱性 CWE-823
範囲外のポインタオフセットの使用 		CVE-2021-1352 2022-01-6 16:16 2021-03-24 Show GitHub Exploit DB Packet Storm
131293 6.5 警告
Network 		Debian
WordPress.org		 Debian GNU/Linux
WordPress 		WordPress の Media Library における XML 外部エンティティの脆弱性 CWE-611
XML 外部エンティティ参照の不適切な制限 		CVE-2021-29447 2022-01-6 16:03 2021-04-15 Show GitHub Exploit DB Packet Storm
131294 6.5 警告
Network 		シスコシステムズ Cisco Jabber 複数の Cisco Jabber 製品における不適切な NULL による終了に関する脆弱性 CWE-170
不適切な NULL による終了 		CVE-2021-1418 2022-01-6 15:48 2021-03-24 Show GitHub Exploit DB Packet Storm
131295 9.9 緊急
Network 		シスコシステムズ Cisco Jabber 複数の Cisco Jabber 製品における不適切な NULL による終了に関する脆弱性 CWE-170
不適切な NULL による終了 		CVE-2021-1411 2022-01-6 15:48 2021-03-24 Show GitHub Exploit DB Packet Storm
131296 8.8 重要
Network 		3S-Smart Software Solutions CODESYS Automation Server CODESYS Automation Server におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2021-29238 2022-01-6 15:21 2021-04-28 Show GitHub Exploit DB Packet Storm
131297 6.1 警告
Network 		OPNsense project OPNsense OPNsense におけるオープンリダイレクトの脆弱性 CWE-601
オープンリダイレクト 		CVE-2020-23015 2022-01-6 15:09 2020-04-25 Show GitHub Exploit DB Packet Storm
131298 9.8 緊急
Network 		Beijing Guoju Information Technology Co., Ltd. JEECG JEECG における危険なタイプのファイルの無制限アップロードに関する脆弱性 CWE-434
危険なタイプのファイルの無制限アップロード 		CVE-2020-23083 2022-01-6 14:53 2020-04-30 Show GitHub Exploit DB Packet Storm
131299 9.1 緊急
Network 		Apache Software Foundation
Quarkus		 Quarkus
Apache Maven 		Apache Maven における同一生成元ポリシー違反に関する脆弱性 CWE-346
同一生成元ポリシー違反 		CVE-2021-26291 2022-01-6 14:34 2021-04-23 Show GitHub Exploit DB Packet Storm
131300 7.8 重要
Local 		Foxit Software Inc Foxit PhantomPDF
Foxit Reader 		Foxit Reader における二重解放に関する脆弱性 CWE-415
二重解放 		CVE-2021-31449 2022-01-6 14:22 2021-05-6 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
371 7.8 HIGH
Local 		imagemagick imagemagick ImageMagick before 7.1.2-19 contains an out-of-bounds access vulnerability in ConnectedComponentsImage() when processing connected-components artifacts with invalid indices. Attackers can trigger acc… New CWE-125
Out-of-bounds Read 		CVE-2026-56370 2026-06-27 06:50 2026-06-24 Show GitHub Exploit DB Packet Storm
372 7.5 HIGH
Network 		angularjs angularjs Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, a Denial of Service (DoS) vu… New CWE-400
CWE-1333
 Uncontrolled Resource Consumption
 Inefficient Regular Expression Complexity 		CVE-2026-54268 2026-06-27 06:36 2026-06-23 Show GitHub Exploit DB Packet Storm
373 9.8 CRITICAL
Network 		langflow langflow IBM Langflow OSS 1.0.0 through 1.8.4 could allow unauthenticated attackers to access protected MCP project resources and execute MCP operations due to improper authorization enforcement in the Stream… New CWE-287
NVD-CWE-noinfo
Improper Authentication 		CVE-2026-7664 2026-06-27 06:29 2026-06-23 Show GitHub Exploit DB Packet Storm
374 6.1 MEDIUM
Network 		ibm datacap
datacap_navigator 		IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary J… New CWE-79
Cross-site Scripting 		CVE-2026-8059 2026-06-27 06:27 2026-06-23 Show GitHub Exploit DB Packet Storm
375 7.5 HIGH
Network 		ibm datacap
datacap_navigator 		IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 allows an attacker to retrieve user passwords and cryptographic keys from memory. Attacker can use the same keys … New CWE-316
 Cleartext Storage of Sensitive Information in Memory 		CVE-2026-8636 2026-06-27 06:20 2026-06-23 Show GitHub Exploit DB Packet Storm
376 5.3 MEDIUM
Network 		ibm datacap
datacap_navigator 		IBM Datacap 9.1.7, 9.1.8, and 9.1.9 and IBM Datacap Navigator 9.1.7, 9.1.8, and 9.1.9 exposes resources or functionality that isn't linked in the UI but is accessible by directly requesting the URL, … New CWE-425
 Direct Request ('Forced Browsing') 		CVE-2026-9610 2026-06-27 06:19 2026-06-23 Show GitHub Exploit DB Packet Storm
377 8.5 HIGH
Network 		- - Budibase is an open-source low-code platform. Prior to 3.39.9, authenticated users with automation permissions can bypass Budibase's SSRF blacklist through DNS rebinding. The outbound fetch flow vali… New CWE-367
CWE-918
 Time-of-check Time-of-use (TOCTOU) Race Condition
Server-Side Request Forgery (SSRF)  		CVE-2026-54353 2026-06-27 06:16 2026-06-27 Show GitHub Exploit DB Packet Storm
378 8.2 HIGH
Network 		- - Budibase is an open-source low-code platform. Prior to 3.39.9, the webhook trigger endpoint in Budibase is publicly accessible and passes the full HTTP request body into automation execution paramete… New CWE-915
 Improperly Controlled Modification of Dynamically-Determined Object Attributes 		CVE-2026-54351 2026-06-27 06:16 2026-06-27 Show GitHub Exploit DB Packet Storm
379 10.0 CRITICAL
Network 		- - Budibase is an open-source low-code platform. Prior to 3.39.12, an unauthenticated visitor of any published Budibase app reads every document of the backing MongoDB, CouchDB, Elasticsearch, DynamoDB… New CWE-89
CWE-943
SQL Injection
 Improper Neutralization of Special Elements in Data Query Logic 		CVE-2026-54350 2026-06-27 06:16 2026-06-27 Show GitHub Exploit DB Packet Storm
380 - - - Notepad++ is a free and open-source source code editor. Prior to 8.9.6.4, NppCommands.cpp checks the HMAC of the on-disk shortcuts.xml at the moment a user command fires (Time-of-Check). However, the… New CWE-367
 Time-of-check Time-of-use (TOCTOU) Race Condition 		CVE-2026-52885 2026-06-27 06:16 2026-06-27 Show GitHub Exploit DB Packet Storm