Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 20, 2026, 10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
133871	8.8	重要 Network	Peerigon	angular-expressions	angular-expressions におけるインジェクションに関する脆弱性	CWE-74 インジェクション	CVE-2021-21277	2021-10-19 17:23	2021-01-29	Show	GitHub Exploit DB Packet Storm

133872	9.3	緊急 Network	Polr Project	Polr	Polr における不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2021-21276	2021-10-19 17:23	2021-01-29	Show	GitHub Exploit DB Packet Storm

133873	3.3	低 Local	GNOME Project	Evolution	GNOME Evolution におけるデータの信頼性についての不十分な検証に関する脆弱性	CWE-345 データの信頼性についての不十分な検証	CVE-2021-3349	2021-10-19 17:23	2021-02-1	Show	GitHub Exploit DB Packet Storm

133874	7.8	重要 Local	ヒューレット・パッカード・エンタープライズ	HPE Cloudline CL3100 Gen10 Server ファームウェア HPE Cloudline CL5200 Gen9 Server ファームウェア HPE Cloudline CL5800 Gen10 Server フ…	複数の HPE Cloudline 製品における古典的バッファオーバーフローの脆弱性	CWE-120 古典的バッファオーバーフロー	CVE-2021-25123	2021-10-19 17:23	2021-01-21	Show	GitHub Exploit DB Packet Storm

133875	6.5	警告 Network	Tendermint	Tendermint	Tendermint Core におけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2021-21271	2021-10-19 17:23	2021-01-19	Show	GitHub Exploit DB Packet Storm

133876	8.8	重要 Network	easycms	EasyCMS	EasyCMS におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2020-24271	2021-10-19 17:17	2020-08-5	Show	GitHub Exploit DB Packet Storm

133877	5	警告 Network	openHAB	openHAB	openHAB における XML 外部エンティティの脆弱性	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2021-21266	2021-10-19 17:10	2021-01-28	Show	GitHub Exploit DB Packet Storm

133878	8.8	重要 Network	WWBN	AVideo	AVideo プラットフォームにおける不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2021-21286	2021-10-19 17:07	2021-01-30	Show	GitHub Exploit DB Packet Storm

133879	5.3	警告 Network	JetBrains	YouTrack	JetBrains YouTrack における不適切なデフォルトパーミッションに関する脆弱性	CWE-276 不適切なデフォルトパーミッション	CVE-2020-25208	2021-10-19 17:06	2020-09-9	Show	GitHub Exploit DB Packet Storm

133880	6.5	警告 Network	SolarWinds	Serv-U	SolarWinds Serv-U におけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2020-27994	2021-10-19 17:06	2020-12-21	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 20, 2026, 4:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
581	-		-	-	Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post…	CWE-862 Missing Authorization	CVE-2026-10715	2026-06-16 05:55	2026-06-13	Show	GitHub Exploit DB Packet Storm

582	-		-	-	ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 are vulnerable to stored cross-site scripting via unsanitized user display name in draft version…	CWE-79 Cross-site Scripting	CVE-2026-45014	2026-06-16 05:54	2026-06-13	Show	GitHub Exploit DB Packet Storm

583	5.4	MEDIUM Network	-	-	ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use `allowedSchemesAp…	CWE-79 Cross-site Scripting	CVE-2026-53606	2026-06-16 05:54	2026-06-13	Show	GitHub Exploit DB Packet Storm

584	3.7	LOW Network	-	-	ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, when `prettyUrls: true` is enabled on `@apostrophecms/file` (a documented SEO feature for se…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-53607	2026-06-16 05:54	2026-06-13	Show	GitHub Exploit DB Packet Storm

585	9.1	CRITICAL Network	-	-	ApostropheCMS is an open-source Node.js content management system. In versions up to and including 4.30.0, `apos.util.set()` traverses dot-notation paths without sanitizing `__proto__`, allowing an a…	CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	CVE-2026-53609	2026-06-16 05:54	2026-06-13	Show	GitHub Exploit DB Packet Storm

586	7.8	HIGH Local	-	-	Insufficient Verification of Data Authenticity in Remote Control for Zoom Contact Center for Windows before version 7.0.0 may allow an authenticated user to enable an escalation of privilege via loca…	CWE-345 Insufficient Verification of Data Authenticity	CVE-2026-53406	2026-06-16 05:52	2026-06-13	Show	GitHub Exploit DB Packet Storm

587	8.1	HIGH Network	-	-	Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privi…	CWE-939 Improper Authorization in Handler for Custom URL Scheme	CVE-2026-53407	2026-06-16 05:52	2026-06-13	Show	GitHub Exploit DB Packet Storm

588	6.5	MEDIUM Network	-	-	Allegra exportReport Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authe…	CWE-22 Path Traversal	CVE-2026-11442	2026-06-16 05:52	2026-06-13	Show	GitHub Exploit DB Packet Storm

589	4.6	MEDIUM Network	-	-	Allegra downloadAttachment Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to execute arbitrary script on affected installations of Allegra. User …	CWE-79 Cross-site Scripting	CVE-2026-11443	2026-06-16 05:52	2026-06-13	Show	GitHub Exploit DB Packet Storm

590	7.6	HIGH Network	-	-	Cap-go prior to 12.128.2 contains an account takeover vulnerability in its email change mechanism that allows an attacker with temporary authenticated session access to change the registered email ad…	CWE-306 Missing Authentication for Critical Function	CVE-2026-53981	2026-06-16 05:50	2026-06-13	Show	GitHub Exploit DB Packet Storm