Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
134321	9.8	緊急 Network	geojson2kml	geojson2kml	geojson2kml における OS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2020-28429	2021-11-11 17:13	2020-12-11	Show	GitHub Exploit DB Packet Storm

134322	7.5	重要 Network	KACO new energy	XP100U ファームウェア	KACO New Energy XP100U における認証情報の不十分な保護に関する脆弱性	CWE-522 認証情報の不十分な保護	CVE-2021-3252	2021-11-11 17:13	2021-01-18	Show	GitHub Exploit DB Packet Storm

134323	8.2	重要 Local	レッドハット Fedora Project GNU Project	grub2 Fedora Red Hat Enterprise Linux Red Hat Enterprise Linux Server Red Hat Enterprise Linux Workstation	grub2 における解放済みメモリの使用に関する脆弱性	CWE-416 解放済みメモリの使用	CVE-2020-25632	2021-11-11 17:00	2020-09-16	Show	GitHub Exploit DB Packet Storm

134324	7.6	重要 Physics	GNU Project Fedora Project レッドハット	Fedora Red Hat Enterprise Linux Workstation Red Hat Enterprise Linux Server grub2 Red Hat Enterprise Linux	grub2 における境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2020-25647	2021-11-11 16:51	2020-10-9	Show	GitHub Exploit DB Packet Storm

134325	6.7	警告 Local	GNU Project Fedora Project レッドハット	Fedora Red Hat Enterprise Linux Workstation Red Hat Enterprise Linux Server grub2 Red Hat Enterprise Linux	grub2 における境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2020-27749	2021-11-11 16:48	2020-11-20	Show	GitHub Exploit DB Packet Storm

134326	8.8	重要 Network	Tenable, Inc.	Tenable.Sc	Tenable.sc および Tenable.sc Core における信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2021-20076	2021-11-11 16:42	2021-03-2	Show	GitHub Exploit DB Packet Storm

134327	9.8	緊急 Network	unicode project	unicode	Unicode におけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2021-42574	2021-11-11 16:35	2021-11-9	Show	GitHub Exploit DB Packet Storm

134328	9.8	緊急 Network	unicode project	unicode	Unicode におけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2021-42694	2021-11-11 16:35	2021-11-9	Show	GitHub Exploit DB Packet Storm

134329	6.7	警告 Local	GNU Project Fedora Project レッドハット	Fedora Red Hat Enterprise Linux Workstation Red Hat Enterprise Linux Server grub2 Red Hat Enterprise Linux	grub2 における境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2021-20225	2021-11-11 16:35	2021-02-3	Show	GitHub Exploit DB Packet Storm

134330	8.2	重要 Local	GNU Project Fedora Project レッドハット	Fedora Red Hat Enterprise Linux Workstation Red Hat Enterprise Linux Server grub2 Red Hat Enterprise Linux	grub2 における境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2021-20233	2021-11-11 16:21	2021-02-8	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
661	5.4	MEDIUM Network	-	-	AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to , the `POST /api/integrations/webhooks/{webhook_id}/ping` endpoint … New	CWE-284 CWE-639 Improper Access Control Authorization Bypass Through User-Controlled Key	CVE-2026-56823	2026-06-27 03:13	2026-06-27	Show	GitHub Exploit DB Packet Storm

662	5.3	MEDIUM Network	-	-	Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership… New	CWE-61 UNIX Symbolic Link (Symlink) Following	CVE-2026-55686	2026-06-27 03:13	2026-06-27	Show	GitHub Exploit DB Packet Storm

663	9.1	CRITICAL Network	deno	deno	Deno is a JavaScript, TypeScript, and WebAssembly runtime. From 2.0.0 until 2.7.8, a flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext … New	CWE-319 Cleartext Transmission of Sensitive Information	CVE-2026-44726	2026-06-27 03:11	2026-06-24	Show	GitHub Exploit DB Packet Storm

664	5.4	MEDIUM Network	gitlab	gitlab	GitLab has remediated an issue in GitLab EE affecting all versions from 18.6 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1 that under certain conditions could have allowed an authenticat… New	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-5309	2026-06-27 03:05	2026-06-25	Show	GitHub Exploit DB Packet Storm

665	8.1	HIGH Network	caddyserver	caddy	Caddy is an extensible server platform that uses TLS by default. From 2.7.0 until 2.11.3, the FastCGI transport's splitPos() in modules/caddyhttp/reverseproxy/fastcgi/fastcgi.go misuses golang.org/x/… New	CWE-20 CWE-176 CWE-178 Improper Input Validation Improper Handling of Unicode Encoding Improper Handling of Case Sensitivity	CVE-2026-45135	2026-06-27 03:04	2026-06-24	Show	GitHub Exploit DB Packet Storm

666	3.8	LOW Network	caddyserver	caddy	Caddy is an extensible server platform that uses TLS by default. From 2.4.0 until 2.11.3, the authorization layer and the /config traversal layer do not agree on what object the path refers to. In th… New	CWE-187 CWE-863 Partial String Comparison Incorrect Authorization	CVE-2026-45692	2026-06-27 03:01	2026-06-24	Show	GitHub Exploit DB Packet Storm

667	8.8	HIGH Network	-	-	Pagekit CMS 1.0.18 contains a privilege escalation vulnerability that allows authenticated users with the 'user: manage users' permission to escalate privileges by assigning arbitrary custom roles to… New	CWE-862 Missing Authorization	CVE-2026-57518	2026-06-27 02:49	2026-06-27	Show	GitHub Exploit DB Packet Storm

668	6.5	MEDIUM Network	joomlaworks	k2	The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/` New	CWE-862 Missing Authorization	CVE-2026-48941	2026-06-27 02:44	2026-06-26	Show	GitHub Exploit DB Packet Storm

669	6.1	MEDIUM Network	joomlaworks	k2	K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping. New	CWE-79 Cross-site Scripting	CVE-2026-48942	2026-06-27 02:44	2026-06-26	Show	GitHub Exploit DB Packet Storm

670	6.5	MEDIUM Network	joomlaworks	k2	K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a standard `com_users` `profile.save` POST, … New	CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-48943	2026-06-27 02:43	2026-06-26	Show	GitHub Exploit DB Packet Storm