Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 13, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
133011	6.1	警告 Network	nopCommerce	nopCommerce	nopCommerce におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2021-26916	2021-10-26 13:52	2021-02-15	Show	GitHub Exploit DB Packet Storm

133012	5.9	警告 Network	Tenable, Inc.	Nessus AMI	Nessus AMI における証明書検証に関する脆弱性	CWE-295 不正な証明書検証	CVE-2020-5812	2021-10-26 13:52	2020-10-28	Show	GitHub Exploit DB Packet Storm

133013	-	-	トレンドマイクロ	ウイルスバスター Apex One ウイルスバスタービジネスセキュリティサービスウイルスバスタービジネスセキュリティ	トレンドマイクロ製企業向けエンドポイントセキュリティ製品における権限昇格の脆弱性	-	-	2021-10-26 10:59	2021-10-25	Show	GitHub Exploit DB Packet Storm

133014	7.5	重要 Network	マイクロソフト	Microsoft .NET Framework	.NET Framework におけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2021-24111	2021-10-26 10:46	2021-02-9	Show	GitHub Exploit DB Packet Storm

133015	6.1	警告 Network	SDG Technologies	Plug and Play SCADA	PNPSCADA におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2020-24842	2021-10-25 18:06	2020-08-28	Show	GitHub Exploit DB Packet Storm

133016	7.5	重要 Network	Fedora Project Genivia	Fedora gSOAP	Genivia gSOAP における NULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2020-13578	2021-10-25 18:06	2020-11-20	Show	GitHub Exploit DB Packet Storm

133017	7.5	重要 Network	Fedora Project Genivia	Fedora gSOAP	Genivia gSOAP における NULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2020-13577	2021-10-25 18:06	2020-11-20	Show	GitHub Exploit DB Packet Storm

133018	9.8	緊急 Network	Fedora Project Genivia	Fedora gSOAP	Genivia gSOAP における整数オーバーフローの脆弱性	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2020-13576	2021-10-25 18:06	2020-11-20	Show	GitHub Exploit DB Packet Storm

133019	7.5	重要 Network	IBM	Security Verify Information Queue	IBM Security Verify Information Queue におけるエンコードおよびエスケープに関する脆弱性	CWE-116 不適切なエンコード、または出力のエスケープ	CVE-2021-20405	2021-10-25 18:06	2021-02-4	Show	GitHub Exploit DB Packet Storm

133020	5.3	警告 Network	IBM	Security Verify Information Queue	IBM Security Verify Information Queue における脆弱性	CWE-noinfo 情報不足	CVE-2021-20404	2021-10-25 18:05	2021-02-3	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 14, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
711	8.6	HIGH Network	-	-	Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validati… New	CWE-918 CWE-1286 CWE-1389 Server-Side Request Forgery (SSRF) Improper Validation of Syntactic Correctness of Input	CVE-2026-50131	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

712	6.5	MEDIUM Network	-	-	IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against… New	CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax	CVE-2026-4096	2026-06-12 01:16	2026-06-12	Show	GitHub Exploit DB Packet Storm

713	3.7	LOW Network	-	-	Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.1… New	CWE-208 Information Exposure Through Timing Discrepancy	CVE-2026-48011	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

714	5.3	MEDIUM Network	-	-	Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST me… New	CWE-287 Improper Authentication	CVE-2026-46705	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

715	7.5	HIGH Network	-	-	libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.j… New	CWE-20 CWE-400 CWE-401 Improper Input Validation Uncontrolled Resource Consumption Missing Release of Memory after Effective Lifetime	CVE-2026-46679	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

716	7.5	HIGH Network	-	-	Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh rele… New	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-46673	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

717	3.6	LOW Local	-	-	bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allo… New	CWE-22 CWE-193 Path Traversal Off-by-one Error	CVE-2026-45380	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

718	5.4	MEDIUM Network	-	-	IBM Langflow Desktop 1.0.0 through 1.9.2 IBM Langflow is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, pote… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-3341	2026-06-12 01:16	2026-06-12	Show	GitHub Exploit DB Packet Storm

719	9.8	CRITICAL Network	-	-	SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) … New	CWE-89 SQL Injection	CVE-2026-38581	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

720	9.9	CRITICAL Network	-	-	Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.… New	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-11839	2026-06-12 01:16	2026-06-12	Show	GitHub Exploit DB Packet Storm