Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 15, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
133931 6.5 警告
Network 		シスコシステムズ Cisco Unified Communications Manager
Cisco Unified Communications Manager IM and Presence Service 		複数の Cisco Unified Communications Manager 製品における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2021-1355 2021-10-11 14:07 2021-01-20 Show GitHub Exploit DB Packet Storm
133932 6.5 警告
Network 		シスコシステムズ Cisco Unified Communications Manager
Cisco Unified Communications Manager IM and Presence Service 		複数の Cisco Unified Communications Manager 製品におけるパストラバーサルに関する脆弱性 CWE-35
パストラバーサル 		CVE-2021-1357 2021-10-11 13:57 2021-01-20 Show GitHub Exploit DB Packet Storm
133933 4.9 警告
Network 		シスコシステムズ Cisco Unified Communications Manager
Cisco Unified Communications Manager IM and Presence Service 		複数の Cisco Unified Communications Manager 製品における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2021-1364 2021-10-11 13:47 2021-01-20 Show GitHub Exploit DB Packet Storm
133934 8 重要
Adjacent 		Weaveworks Weave Net Weave Net における不要な特権による実行に関する脆弱性 CWE-250
不要な特権による実行 		CVE-2020-26278 2021-10-8 18:11 2020-12-17 Show GitHub Exploit DB Packet Storm
133935 5.3 警告
Network 		シスコシステムズ Cisco Umbrella 仮想アプライアンス Cisco Umbrella における制限またはスロットリング無しのリソースの割り当てに関する脆弱性 CWE-770
制限またはスロットリング無しのリソースの割り当て 		CVE-2021-1350 2021-10-8 18:11 2021-01-20 Show GitHub Exploit DB Packet Storm
133936 7.8 重要
Local 		チェック・ポイント・ソフトウェア・テクノロジーズ SmartConsole Check Point SmartConsole における権限管理に関する脆弱性 CWE-269
不適切な権限管理 		CVE-2020-6024 2021-10-8 18:11 2020-01-7 Show GitHub Exploit DB Packet Storm
133937 5.9 警告
Network 		STMicroelectronics STM32CubeH7
STM32CubeF2
STM32CubeIDE
STM32CubeF3
STM32CubeF4
STM32CubeF1
STM32CubeF7
STM32CubeF0
STM32CubeG4
STM32CubeG0 		STM32Cube デバイスにおける暗号アルゴリズムの使用に関する脆弱性 CWE-327
不完全、または危険な暗号アルゴリズムの使用 		CVE-2020-20949 2021-10-8 18:11 2020-08-13 Show GitHub Exploit DB Packet Storm
133938 9.8 緊急
Network 		EGavilan Media User Registration & Login System with Admin Panel EgavilanMedia User Registration & Login System における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2020-35263 2021-10-8 18:02 2020-11-17 Show GitHub Exploit DB Packet Storm
133939 8.8 重要
Network 		Cake Software Foundation CakePHP CakePHP におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2020-35239 2021-10-8 18:02 2020-12-7 Show GitHub Exploit DB Packet Storm
133940 7.5 重要
Network 		projectsend.org ProjectSend ProjectSend における認証に関する脆弱性 CWE-287
CWE-404
CVE-2020-28874 2021-10-8 18:02 2020-11-18 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 16, 2026, 4:13 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
71 9.8 CRITICAL
Network 		apache cxf Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB) external entity res… New CWE-611
XXE 		CVE-2026-49875 2026-06-16 01:32 2026-06-12 Show GitHub Exploit DB Packet Storm
72 6.5 MEDIUM
Network 		google chrome Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from pr… New CWE-125
Out-of-bounds Read 		CVE-2026-12026 2026-06-16 01:32 2026-06-12 Show GitHub Exploit DB Packet Storm
73 8.2 HIGH
Network 		axios axios Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream… Update CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2026-44490 2026-06-16 01:31 2026-06-12 Show GitHub Exploit DB Packet Storm
74 7.5 HIGH
Network 		- - Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed c… New CWE-78
OS Command  		CVE-2026-9863 2026-06-16 01:16 2026-06-16 Show GitHub Exploit DB Packet Storm
75 9.8 CRITICAL
Network 		- - Fortra's  Core Privileged Access Manager (BoKS) contains an OS command injection vulnerability in the boks_autoregisterd service. A remote attacker with network access to the service may be able to c… New CWE-78
OS Command  		CVE-2026-9862 2026-06-16 01:16 2026-06-16 Show GitHub Exploit DB Packet Storm
76 5.3 MEDIUM
Network 		- - Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This l… New CWE-346
CWE-441
 Origin Validation Error
Confused Deputy 		CVE-2026-9595 2026-06-16 01:16 2026-06-16 Show GitHub Exploit DB Packet Storm
77 5.4 MEDIUM
Network 		- - The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticat… New - CVE-2026-9278 2026-06-16 01:16 2026-06-15 Show GitHub Exploit DB Packet Storm
78 3.4 LOW
Network 		- - The Store Locator WordPress plugin before 1.6.9 does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary `.php` files from… New CWE-22
Path Traversal 		CVE-2026-9062 2026-06-16 01:16 2026-06-13 Show GitHub Exploit DB Packet Storm
79 3.5 LOW
Network 		- - The Store Locator WordPress plugin before 1.6.9 does not sanitize and escape store logo metadata before storing it and outputting it on the Store Locator WordPress plugin before 1.6.9 admin page, all… New CWE-79
Cross-site Scripting 		CVE-2026-9061 2026-06-16 01:16 2026-06-13 Show GitHub Exploit DB Packet Storm
80 6.5 MEDIUM
Network 		- - Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application … New CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2026-8683 2026-06-16 01:16 2026-06-16 Show GitHub Exploit DB Packet Storm