Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 9, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
132631	6.1	警告 Network	oauth2_proxy project	oauth2_proxy	OAuth2 Proxy におけるオープンリダイレクトの脆弱性	CWE-601 オープンリダイレクト	CVE-2021-21291	2021-10-19 17:23	2021-02-2	Show	GitHub Exploit DB Packet Storm

132632	8.3	重要 Network	Debian Mechanize project Fedora Project	Mechanize Fedora Debian GNU/Linux	Mechanize における OS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2021-21289	2021-10-19 17:23	2021-02-2	Show	GitHub Exploit DB Packet Storm

132633	5.9	警告 Network	libpod project	podman (旧 libpod)	Podman における同一生成元ポリシー違反に関する脆弱性	CWE-346 同一生成元ポリシー違反	CVE-2021-20199	2021-10-19 17:23	2021-01-21	Show	GitHub Exploit DB Packet Storm

132634	9.1	緊急 Network	loklak project	loklak	loklak におけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2020-15097	2021-10-19 17:23	2020-07-3	Show	GitHub Exploit DB Packet Storm

132635	8.8	重要 Network	Peerigon	angular-expressions	angular-expressions におけるインジェクションに関する脆弱性	CWE-74 インジェクション	CVE-2021-21277	2021-10-19 17:23	2021-01-29	Show	GitHub Exploit DB Packet Storm

132636	9.3	緊急 Network	Polr Project	Polr	Polr における不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2021-21276	2021-10-19 17:23	2021-01-29	Show	GitHub Exploit DB Packet Storm

132637	3.3	低 Local	GNOME Project	Evolution	GNOME Evolution におけるデータの信頼性についての不十分な検証に関する脆弱性	CWE-345 データの信頼性についての不十分な検証	CVE-2021-3349	2021-10-19 17:23	2021-02-1	Show	GitHub Exploit DB Packet Storm

132638	7.8	重要 Local	ヒューレット・パッカード・エンタープライズ	HPE Cloudline CL3100 Gen10 Server ファームウェア HPE Cloudline CL5200 Gen9 Server ファームウェア HPE Cloudline CL5800 Gen10 Server フ…	複数の HPE Cloudline 製品における古典的バッファオーバーフローの脆弱性	CWE-120 古典的バッファオーバーフロー	CVE-2021-25123	2021-10-19 17:23	2021-01-21	Show	GitHub Exploit DB Packet Storm

132639	6.5	警告 Network	Tendermint	Tendermint	Tendermint Core におけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2021-21271	2021-10-19 17:23	2021-01-19	Show	GitHub Exploit DB Packet Storm

132640	8.8	重要 Network	easycms	EasyCMS	EasyCMS におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2020-24271	2021-10-19 17:17	2020-08-5	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 9, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
51	10.0	CRITICAL Network	-	-	Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro fo… Update	CWE-1284 Improper Validation of Specified Quantity in Input	CVE-2026-49777	2026-06-9 02:16	2026-06-5	Show	GitHub Exploit DB Packet Storm

52	-		-	-	Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encode_form_part/2 … New	CWE-93 CRLF Injection	CVE-2026-49756	2026-06-9 02:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

53	-		-	-	Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb respo… New	CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)	CVE-2026-49755	2026-06-9 02:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

54	7.1	HIGH Network	-	-	Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the … New	CWE-863 Incorrect Authorization	CVE-2026-48507	2026-06-9 02:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

55	7.1	HIGH Network	-	-	Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tok… New	CWE-212 CWE-613 Improper Removal of Sensitive Information Before Storage or Transfer Insufficient Session Expiration	CVE-2026-46657	2026-06-9 02:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

56	-		-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the `/system/api/connectionSetti… New	CWE-79 CWE-522 CWE-922 Cross-site Scripting Insufficiently Protected Credentials Insecure Storage of Sensitive Information	CVE-2026-46511	2026-06-9 02:16	2026-06-6	Show	GitHub Exploit DB Packet Storm

57	8.3	HIGH Network	-	-	OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST … New	CWE-201 Insertion of Sensitive Information Into Sent Data	CVE-2026-46481	2026-06-9 02:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

58	-		-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover.… New	CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-46480	2026-06-9 02:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

59	-		-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeove… New	CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-46479	2026-06-9 02:16	2026-06-9	Show	GitHub Exploit DB Packet Storm

60	-		-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover.… New	CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-46475	2026-06-9 02:16	2026-06-9	Show	GitHub Exploit DB Packet Storm