Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 4, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
133071 8.8 重要
Network 		フォーティネット Fortiweb FortiWeb における書式文字列に関する脆弱性 CWE-134
書式文字列の問題 		CVE-2020-29018 2021-09-22 15:11 2020-11-24 Show GitHub Exploit DB Packet Storm
133072 8.8 重要
Network 		フォーティネット FortiDeceptor FortiDeceptor における OS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2020-29017 2021-09-22 15:11 2020-11-24 Show GitHub Exploit DB Packet Storm
133073 9.8 緊急
Network 		フォーティネット Fortiweb FortiWeb における境界外書き込みに関する脆弱性 CWE-787
境界外書き込み 		CVE-2020-29016 2021-09-22 15:11 2020-11-24 Show GitHub Exploit DB Packet Storm
133074 9.8 緊急
Network 		フォーティネット Fortiweb FortiWeb における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2020-29015 2021-09-22 15:11 2020-11-24 Show GitHub Exploit DB Packet Storm
133075 5.4 警告
Network 		Skyworth Digital Holdings Ltd. GN542VF ファームウェア SKYWORTH GN542VF におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2020-26733 2021-09-22 15:11 2020-10-7 Show GitHub Exploit DB Packet Storm
133076 5.3 警告
Network 		WP Ninjas, LLC. Ninja Forms WordPress 用 Ninja Forms プラグインにおけるエンコードおよびエスケープに関する脆弱性 CWE-116
不適切なエンコード、または出力のエスケープ 		CVE-2020-36173 2021-09-22 14:52 2020-09-18 Show GitHub Exploit DB Packet Storm
133077 6.5 警告
Network 		WP Ninjas, LLC. Ninja Forms WordPress 用 Ninja Forms プラグインにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2020-36174 2021-09-22 14:41 2020-09-17 Show GitHub Exploit DB Packet Storm
133078 8.8 重要
Network 		アドビシステムズ Adobe Acrobat DC
Adobe Acrobat
Adobe Acrobat Reader DC 		Adobe Reader および Acrobat における解放済みメモリの使用に関する脆弱性 CWE-416
解放済みメモリの使用 		CVE-2021-28553 2021-09-22 10:58 2021-05-11 Show GitHub Exploit DB Packet Storm
133079 3.3
Local 		Huawei P30 ファームウェア Huawei P30 におけるリソースの枯渇に関する脆弱性 CWE-400
リソースの枯渇 		CVE-2020-9203 2021-09-21 18:03 2020-12-30 Show GitHub Exploit DB Packet Storm
133080 5.3 警告
Network 		Huawei EMUI
Magic UI 		複数の Huawei スマートフォンにおける重要な機能に対する認証の欠如に関する脆弱性 CWE-306
重要な機能に対する認証の欠如 解説 		CVE-2020-9143 2021-09-21 18:03 2020-02-18 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 5, 2026, 4:11 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
151 8.5 HIGH
Network 		- - authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstre… New CWE-20
 Improper Input Validation  		CVE-2026-47201 2026-06-5 00:49 2026-06-3 Show GitHub Exploit DB Packet Storm
152 8.8 HIGH
Network 		- - authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured… New CWE-287
Improper Authentication 		CVE-2026-49443 2026-06-5 00:49 2026-06-3 Show GitHub Exploit DB Packet Storm
153 9.8 CRITICAL
Network 		- - authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions … New CWE-287
Improper Authentication 		CVE-2026-49448 2026-06-5 00:49 2026-06-3 Show GitHub Exploit DB Packet Storm
154 8.0 HIGH
Network 		- - alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script en… New CWE-863
 Incorrect Authorization 		CVE-2026-35482 2026-06-5 00:49 2026-06-3 Show GitHub Exploit DB Packet Storm
155 7.1 HIGH
Local 		- - Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability aff… New CWE-476
 NULL Pointer Dereference 		CVE-2026-8035 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm
156 7.1 HIGH
Local 		- - Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and p… New CWE-1285
 Improper Validation of Specified Index, Position, or Offset in Input 		CVE-2026-8036 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm
157 7.1 HIGH
Network 		- - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys mana… New CWE-862
 Missing Authorization 		CVE-2026-31942 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm
158 9.6 CRITICAL
Network 		- - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${VAR} placeholders aga… New CWE-200
Information Exposure 		CVE-2026-32625 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm
159 6.5 MEDIUM
Network 		- - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted a… New CWE-201
 Insertion of Sensitive Information Into Sent Data 		CVE-2026-44653 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm
160 - - - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the o… New CWE-863
 Incorrect Authorization 		CVE-2026-44654 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm