Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 13, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
132521 6.1 警告
Network 		Debian
Horde		 Horde Groupware
Debian GNU/Linux 		Horde Groupware Webmail Edition におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2021-26929 2021-11-4 16:00 2021-02-13 Show GitHub Exploit DB Packet Storm
132522 9.8 緊急
Network 		LimeSurvey LimeSurvey LimeSurvey における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2019-25019 2021-11-4 16:00 2019-10-8 Show GitHub Exploit DB Packet Storm
132523 6.1 警告
Network 		Web Based Quiz System project Web Based Quiz System Web Based Quiz System におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2021-28006 2021-11-4 15:40 2021-03-2 Show GitHub Exploit DB Packet Storm
132524 3.3
Local 		AutoTrace project AutoTrace autotrace における整数オーバーフローの脆弱性 CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2019-19004 2021-11-4 15:05 2019-11-15 Show GitHub Exploit DB Packet Storm
132525 7.5 重要
Network 		get-ip-range project get-ip-range Node.js 用 get-ip-range における脆弱性 CWE-noinfo
情報不足 		CVE-2021-27191 2021-11-4 15:05 2021-02-11 Show GitHub Exploit DB Packet Storm
132526 7.5 重要
Network 		PELCO Digital Sentry Server Pelco Digital Sentry Server における XML 外部エンティティの脆弱性 CWE-611
XML 外部エンティティ参照の不適切な制限 		CVE-2021-27184 2021-11-4 15:05 2021-02-11 Show GitHub Exploit DB Packet Storm
132527 7.5 重要
Network 		Teradici PCoIP Soft Client Teradici PCoIP Soft Client における NULL ポインタデリファレンスに関する脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2021-25690 2021-11-4 15:05 2021-02-9 Show GitHub Exploit DB Packet Storm
132528 9.8 緊急
Network 		Teradici PCoIP Soft Client Teradici PCoIP soft client における境界外書き込みに関する脆弱性 CWE-787
境界外書き込み 		CVE-2021-25689 2021-11-4 15:05 2021-02-9 Show GitHub Exploit DB Packet Storm
132529 5.5 警告
Local 		Teradici PCoIP Graphics Agent Windows および Linux 用 Teradici PCoIP Agents におけるログファイルからの情報漏えいに関する脆弱性 CWE-532
ログファイルからの情報漏えい 		CVE-2021-25688 2021-11-4 15:05 2021-02-9 Show GitHub Exploit DB Packet Storm
132530 6.1 警告
Network 		Ruby on Rails project
Fedora Project		 Rails
Fedora 		Action Pack におけるオープンリダイレクトの脆弱性 CWE-601
オープンリダイレクト 		CVE-2021-22881 2021-11-4 15:05 2021-02-10 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 13, 2026, 4:20 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
301 5.5 MEDIUM
Local 		apple macos This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.4. An app may be able to access protected user data. New CWE-59
Link Following 		CVE-2025-46293 2026-06-12 21:36 2026-06-12 Show GitHub Exploit DB Packet Storm
302 5.3 MEDIUM
Network 		apple ipados
iphone_os
macos 		An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4. An app may be able to leak sensitive user information. New CWE-284
Improper Access Control 		CVE-2025-46308 2026-06-12 21:36 2026-06-12 Show GitHub Exploit DB Packet Storm
303 7.5 HIGH
Network 		apple macos A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access protected user data. New CWE-284
Improper Access Control 		CVE-2025-46315 2026-06-12 21:35 2026-06-12 Show GitHub Exploit DB Packet Storm
304 8.1 HIGH
Network 		- - SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG … New CWE-79
CWE-434
Cross-site Scripting
 Unrestricted Upload of File with Dangerous Type  		CVE-2026-46489 2026-06-12 20:16 2026-06-12 Show GitHub Exploit DB Packet Storm
305 9.8 CRITICAL
Network 		- - Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Ap… New CWE-917
 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') 		CVE-2026-11561 2026-06-12 19:16 2026-06-11 Show GitHub Exploit DB Packet Storm
306 - - - QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version: New CWE-472
 External Control of Assumed-Immutable Web Parameter 		CVE-2025-59382 2026-06-12 11:16 2026-06-10 Show GitHub Exploit DB Packet Storm
307 7.5 HIGH
Network 		nlnetlabs routinator When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes. Update CWE-755
 Improper Handling of Exceptional Conditions 		CVE-2026-49235 2026-06-12 10:37 2026-06-9 Show GitHub Exploit DB Packet Storm
308 7.5 HIGH
Network 		nlnetlabs routinator Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name … Update CWE-22
Path Traversal 		CVE-2026-49233 2026-06-12 10:33 2026-06-9 Show GitHub Exploit DB Packet Storm
309 7.5 HIGH
Network 		nlnetlabs routinator When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted n… Update CWE-20
NVD-CWE-noinfo
 Improper Input Validation  		CVE-2026-49234 2026-06-12 10:28 2026-06-9 Show GitHub Exploit DB Packet Storm
310 6.5 MEDIUM
Network 		nsa ghidra Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operation… New CWE-22
Path Traversal 		CVE-2026-52756 2026-06-12 10:18 2026-06-10 Show GitHub Exploit DB Packet Storm