Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 30, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
131371 5.3 警告
Network 		BTCPay Server BTCPay Server BTCPay Server における暗号の脆弱な PRNG の使用に関する脆弱性 CWE-338
暗号における脆弱な PRNG の使用 		CVE-2021-29245 2022-01-5 17:21 2021-03-30 Show GitHub Exploit DB Packet Storm
131372 6.7 警告
Local 		BTCPay Server BTCPay Server BTCPay Server におけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2021-29246 2022-01-5 17:00 2021-03-30 Show GitHub Exploit DB Packet Storm
131373 9.8 緊急
Network 		klib project klibc klibc における整数オーバーフローの脆弱性 CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2021-31872 2022-01-5 16:48 2021-04-29 Show GitHub Exploit DB Packet Storm
131374 7.5 重要
Network 		klib project klibc klibc における整数オーバーフローの脆弱性 CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2021-31871 2022-01-5 16:48 2021-04-29 Show GitHub Exploit DB Packet Storm
131375 9.8 緊急
Network 		klib project klibc klibc における整数オーバーフローの脆弱性 CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2021-31870 2022-01-5 16:48 2021-04-29 Show GitHub Exploit DB Packet Storm
131376 6.5 警告
Network 		Open-Xchange OX App Suite OX App Suite におけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2020-28943 2022-01-5 16:43 2020-11-23 Show GitHub Exploit DB Packet Storm
131377 7.5 重要
Network 		gosaml2 project gosaml2 gosaml2 パッケージにおける NULL ポインタデリファレンスに関する脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2020-7731 2022-01-5 16:43 2020-09-7 Show GitHub Exploit DB Packet Storm
131378 9.8 緊急
Network 		Ampache.org Ampache Ampache における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2020-15153 2022-01-5 16:43 2020-08-18 Show GitHub Exploit DB Packet Storm
131379 9.8 緊急
Network 		Ambarella Oryx RTSP Server Ambarella Oryx RTSP Server における古典的バッファオーバーフローの脆弱性 CWE-120
古典的バッファオーバーフロー 		CVE-2020-24918 2022-01-5 16:43 2020-08-14 Show GitHub Exploit DB Packet Storm
131380 7.5 重要
Network 		rkyv project rkyv Rust 用 rkyv crate における有効なライフタイム後のリソースの解放の欠如に関する脆弱性 CWE-772
有効なライフタイム後のリソースの解放の欠如 		CVE-2021-31919 2022-01-5 16:43 2021-04-28 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 30, 2026, 4:22 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
381 7.5 HIGH
Network 		- - In the Linux kernel, the following vulnerability has been resolved: fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock can occur in sen… Update - CVE-2026-52946 2026-06-29 15:16 2026-06-25 Show GitHub Exploit DB Packet Storm
382 6.3 MEDIUM
Network 		joomlaworks k2 The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache's standard mod_php matches `\.php$` and executes them under the K2 web user. A K2 Author can upload … Update CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2026-48946 2026-06-29 04:16 2026-06-26 Show GitHub Exploit DB Packet Storm
383 5.3 MEDIUM
Network 		joomlaworks k2 The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/<id>/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names — non-image files (incl… Update CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2026-48945 2026-06-29 04:16 2026-06-26 Show GitHub Exploit DB Packet Storm
384 6.5 MEDIUM
Network 		joomlaworks k2 The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JPath::clean` does NOT strip `..`, and the… Update CWE-22
Path Traversal 		CVE-2026-48944 2026-06-29 04:16 2026-06-26 Show GitHub Exploit DB Packet Storm
385 6.5 MEDIUM
Network 		joomlaworks k2 K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a standard `com_users` `profile.save` POST, … Update CWE-915
 Improperly Controlled Modification of Dynamically-Determined Object Attributes 		CVE-2026-48943 2026-06-29 04:16 2026-06-26 Show GitHub Exploit DB Packet Storm
386 6.1 MEDIUM
Network 		joomlaworks k2 K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping. Update CWE-79
Cross-site Scripting 		CVE-2026-48942 2026-06-29 04:16 2026-06-26 Show GitHub Exploit DB Packet Storm
387 6.5 MEDIUM
Network 		joomlaworks k2 The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/` Update CWE-862
 Missing Authorization 		CVE-2026-48941 2026-06-29 04:16 2026-06-26 Show GitHub Exploit DB Packet Storm
388 3.4 LOW
Network 		joomlaworks k2 A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 stores it verbatim and renders it unescaped t… Update CWE-79
Cross-site Scripting 		CVE-2026-48940 2026-06-29 04:16 2026-06-26 Show GitHub Exploit DB Packet Storm
389 8.8 HIGH
Local 		- - In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfio_pci_core_close_device() call vfio_pci_dma_buf_… New - CVE-2026-53322 2026-06-28 17:16 2026-06-27 Show GitHub Exploit DB Packet Storm
390 9.8 CRITICAL
Network 		- - In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison The local-vs-remote region comparison loop uses '<=' instead o… New - CVE-2026-53309 2026-06-28 17:16 2026-06-27 Show GitHub Exploit DB Packet Storm