Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 29, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
133161 5.4 警告
Network 		IBM IBM Engineering Requirements Quality Assistant On-Premises
Engineering Insights
Engineering Lifecycle Management
Rational Engineering Lifecy… 		IBM Jazz Foundation におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2021-20506 2021-12-1 17:37 2021-03-29 Show GitHub Exploit DB Packet Storm
133162 5.4 警告
Network 		IBM IBM Engineering Requirements Quality Assistant On-Premises
Engineering Insights
Engineering Lifecycle Management
Rational Engineering Lifecy… 		IBM Jazz Foundation におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2021-20504 2021-12-1 17:37 2021-03-29 Show GitHub Exploit DB Packet Storm
133163 5.4 警告
Network 		IBM IBM Engineering Requirements Quality Assistant On-Premises
Engineering Insights
Engineering Lifecycle Management
Rational Engineering Lifecy… 		IBM Jazz Foundation におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2021-20503 2021-12-1 17:37 2021-03-29 Show GitHub Exploit DB Packet Storm
133164 7.1 重要
Network 		IBM IBM Engineering Requirements Quality Assistant On-Premises
Engineering Insights
Engineering Lifecycle Management
Rational Engineering Lifecy… 		IBM Jazz Foundation における XML 外部エンティティの脆弱性 CWE-611
XML 外部エンティティ参照の不適切な制限 		CVE-2021-20502 2021-12-1 17:37 2021-03-29 Show GitHub Exploit DB Packet Storm
133165 5.4 警告
Network 		IBM IBM Engineering Requirements Quality Assistant On-Premises
Engineering Insights
Engineering Lifecycle Management
Rational Engineering Lifecy… 		IBM Jazz Foundation におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2021-20447 2021-12-1 17:37 2021-03-29 Show GitHub Exploit DB Packet Storm
133166 5.4 警告
Network 		IBM IBM Engineering Requirements Quality Assistant On-Premises
Engineering Insights
Engineering Lifecycle Management
Rational Engineering Lifecy… 		IBM Jazz Foundation におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2021-20352 2021-12-1 17:37 2021-03-29 Show GitHub Exploit DB Packet Storm
133167 8.8 重要
Network 		OpenWrt Project OpenWrt OpenWrt におけるコマンドインジェクションの脆弱性 CWE-77
コマンドインジェクション 		CVE-2021-28961 2021-12-1 17:36 2021-02-18 Show GitHub Exploit DB Packet Storm
133168 9.8 緊急
Network 		SOPlanning SOPlanning SOPlanning における認証に関する脆弱性 CWE-287
不適切な認証 		CVE-2020-13963 2021-12-1 17:36 2020-07-21 Show GitHub Exploit DB Packet Storm
133169 7.2 重要
Network 		Atlassian Data Center
JIRA 		Atlassian Jira Server および Data Center における認証に関する脆弱性 CWE-287
不適切な認証 		CVE-2021-26070 2021-12-1 17:36 2021-02-4 Show GitHub Exploit DB Packet Storm
133170 5.3 警告
Network 		Debian
Shibboleth		 Debian GNU/Linux
Shibboleth Service Provider 		Shibboleth Service Provider におけるインジェクションに関する脆弱性 CWE-74
インジェクション 		CVE-2021-28963 2021-12-1 17:36 2021-03-16 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1421 - - - A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications > Events panel. CWE-79
Cross-site Scripting 		CVE-2026-50709 2026-06-25 23:04 2026-06-25 Show GitHub Exploit DB Packet Storm
1422 - - - A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component. CWE-79
Cross-site Scripting 		CVE-2026-50710 2026-06-25 23:04 2026-06-25 Show GitHub Exploit DB Packet Storm
1423 - - - A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component. CWE-79
Cross-site Scripting 		CVE-2026-50711 2026-06-25 23:04 2026-06-25 Show GitHub Exploit DB Packet Storm
1424 - - - A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component CWE-79
Cross-site Scripting 		CVE-2026-50712 2026-06-25 23:04 2026-06-25 Show GitHub Exploit DB Packet Storm
1425 8.7 HIGH
Network 		- - Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitrary victim accounts based on email match without v… CWE-287
Improper Authentication 		CVE-2026-56223 2026-06-25 23:03 2026-06-24 Show GitHub Exploit DB Packet Storm
1426 8.8 HIGH
Network 		- - Capgo before 12.128.2 fails to enforce limited_to_orgs and limited_to_apps constraints on subkeys provided via x-limited-key-id header in middlewareKey function. Attackers can bypass subkey scope res… CWE-863
 Incorrect Authorization 		CVE-2026-56232 2026-06-25 23:03 2026-06-24 Show GitHub Exploit DB Packet Storm
1427 9.1 CRITICAL
Network 		- - Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are se… CWE-287
Improper Authentication 		CVE-2026-56237 2026-06-25 23:03 2026-06-24 Show GitHub Exploit DB Packet Storm
1428 7.1 HIGH
Network 		- - Capgo before 12.128.2 allows non-admin API keys to read webhook signing secrets via Supabase REST due to insufficient row-level security policies on the webhooks table. Attackers can retrieve the web… CWE-200
Information Exposure 		CVE-2026-56244 2026-06-25 23:03 2026-06-24 Show GitHub Exploit DB Packet Storm
1429 8.2 HIGH
Network 		- - Supabase Capgo before 12.128.2 contains an authorization bypass vulnerability in the SECURITY DEFINER record_build_time RPC function that allows unauthenticated attackers to insert arbitrary build-ti… CWE-269
 Improper Privilege Management 		CVE-2026-56245 2026-06-25 23:03 2026-06-24 Show GitHub Exploit DB Packet Storm
1430 7.1 HIGH
Network 		- - Capgo before 12.128.2 enforces mandatory two-factor authentication only at the UI level. Sensitive Organization (ORG) management API endpoints (e.g., editing organization details, inviting users) do … CWE-602
 Client-Side Enforcement of Server-Side Security 		CVE-2026-56256 2026-06-25 23:03 2026-06-24 Show GitHub Exploit DB Packet Storm