Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 14, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
132351 6.5 警告
Network 		webdesktop webdesktop Webware Webdesktop におけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2021-3204 2021-11-9 15:15 2021-01-5 Show GitHub Exploit DB Packet Storm
132352 4.3 警告
Network 		マイクロソフト ModernFlow ModernFlow における認証に関する脆弱性 CWE-287
不適切な認証 		CVE-2021-3339 2021-11-9 15:15 2021-02-19 Show GitHub Exploit DB Packet Storm
132353 4.6 警告
Physics 		ownCloud ownCloud Android 用 ownCloud アプリケーションにおける重要な情報の平文保存に関する脆弱性 CWE-312
重要な情報の平文保存 		CVE-2020-36248 2021-11-9 15:15 2020-08-3 Show GitHub Exploit DB Packet Storm
132354 7.5 重要
Network 		HR Portal project HR Portal HR Portal of Soar Cloud System における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2021-22854 2021-11-9 15:15 2021-02-18 Show GitHub Exploit DB Packet Storm
132355 5.4 警告
Network 		HR Portal project HR Portal HR Portal of Soar Cloud System における権限管理に関する脆弱性 CWE-269
不適切な権限管理 		CVE-2021-22853 2021-11-9 15:15 2021-02-18 Show GitHub Exploit DB Packet Storm
132356 6.5 警告
Local 		Xen プロジェクト
Debian
Linux		 Linux Kernel
Debian GNU/Linux
Xen 		Xen PV で使用される Linux Kernel における制限またはスロットリング無しのリソースの割り当てに関する脆弱性 CWE-770
制限またはスロットリング無しのリソースの割り当て 		CVE-2021-28038 2021-11-9 14:47 2021-03-4 Show GitHub Exploit DB Packet Storm
132357 4.9 警告
Network 		Magento, Inc. UPWAR-php
UPWARD Connector 		Magento UPWARD-php および Magento UPWARD Connector におけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2021-21064 2021-11-9 14:31 2021-02-23 Show GitHub Exploit DB Packet Storm
132358 8.8 重要
Network 		png-img png-img png-img における整数オーバーフローの脆弱性 CWE-190
CWE-787
CVE-2020-28248 2021-11-9 14:31 2020-10-6 Show GitHub Exploit DB Packet Storm
132359 6.1 警告
Network 		Google slashify Node.js 用 slashify パッケージにおけるオープンリダイレクトの脆弱性 CWE-601
オープンリダイレクト 		CVE-2021-3189 2021-11-9 14:31 2021-01-20 Show GitHub Exploit DB Packet Storm
132360 8.8 重要
Network 		SmartStore AG SmartStoreNET SmartStoreNET におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2020-27997 2021-11-9 14:31 2020-07-15 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 14, 2026, 4:12 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
201 - - - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.78 and 9.9.1-alpha.2, Parse Server's GraphQL endpoint discloses schema me… New CWE-209
Information Exposure Through an Error Message 		CVE-2026-47248 2026-06-13 04:16 2026-06-13 Show GitHub Exploit DB Packet Storm
202 4.3 MEDIUM
Network 		- - Solidtime is an open-source time-tracking app. Prior to version 0.12.2, Solidtime defines an explicit invitations:view and members:view permissions that gates the official invitations and members API… New CWE-863
 Incorrect Authorization 		CVE-2026-47236 2026-06-13 04:16 2026-06-13 Show GitHub Exploit DB Packet Storm
203 - - - Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.77 and 9.9.1-alpha.1, an unauthenticated attacker who knows a publicly-kn… New CWE-1333
 Inefficient Regular Expression Complexity 		CVE-2026-47138 2026-06-13 04:16 2026-06-13 Show GitHub Exploit DB Packet Storm
204 8.8 HIGH
Network 		- - A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints vali… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-42947 2026-06-13 04:16 2026-06-13 Show GitHub Exploit DB Packet Storm
205 5.3 MEDIUM
Network 		- - Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endp… New CWE-340
 Generation of Predictable Numbers or Identifiers 		CVE-2026-42932 2026-06-13 04:16 2026-06-13 Show GitHub Exploit DB Packet Storm
206 7.2 HIGH
Local 		- - Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during … New CWE-61
CWE-367
 UNIX Symbolic Link (Symlink) Following
 Time-of-check Time-of-use (TOCTOU) Race Condition 		CVE-2026-42306 2026-06-13 04:16 2026-06-13 Show GitHub Exploit DB Packet Storm
207 6.1 MEDIUM
Local 		- - Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during … New CWE-81
CWE-367
 Improper Neutralization of Script in an Error Message Web Page
 Time-of-check Time-of-use (TOCTOU) Race Condition 		CVE-2026-41568 2026-06-13 04:16 2026-06-13 Show GitHub Exploit DB Packet Storm
208 9.8 CRITICAL
Network 		- - Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate … New CWE-321
 Use of Hard-coded Cryptographic Key 		CVE-2026-28742 2026-06-13 04:16 2026-06-13 Show GitHub Exploit DB Packet Storm
209 7.5 HIGH
Network 		axios axios Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured request and response size limits when requests were sent with the fetc… New CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2026-44488 2026-06-13 04:04 2026-06-12 Show GitHub Exploit DB Packet Storm
210 8.1 HIGH
Network 		apache cxf A further incomplete fix for a previous advisory CVE-2026-44417 (Untrusted JMS configuration can lead to RCE) for Apache CXF has been identified, which can allow code execution capabilities, if untru… New CWE-20
NVD-CWE-noinfo
 Improper Input Validation  		CVE-2026-50632 2026-06-13 03:58 2026-06-12 Show GitHub Exploit DB Packet Storm