Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
134341 4.4 警告
Local 		BigProf Online Invoicing System Online Invoicing System における CSV ファイル内の数式要素の中和に関する脆弱性 CWE-1236
CSV ファイル内の数式要素の不適切な中和 		CVE-2021-27839 2021-11-11 13:49 2021-02-27 Show GitHub Exploit DB Packet Storm
134342 4.8 警告
Network 		GLPI-PROJECT.ORG GLPI GLPI におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2021-21312 2021-11-11 13:43 2021-03-2 Show GitHub Exploit DB Packet Storm
134343 4.9 警告
Network 		GLPI-PROJECT.ORG GLPI GLPI におけるインジェクションに関する脆弱性 CWE-74
インジェクション 		CVE-2021-21313 2021-11-11 13:32 2021-03-2 Show GitHub Exploit DB Packet Storm
134344 7.5 重要
Network 		three three three パッケージにおけるリソースの枯渇に関する脆弱性 CWE-400
リソースの枯渇 		CVE-2020-28496 2021-11-11 12:18 2020-11-12 Show GitHub Exploit DB Packet Storm
134345 9.8 緊急
Network 		rand プロジェクト rand_core RUST 用 rand_core crate における不十分なランダム値の使用に関する脆弱性 CWE-330
不十分なランダム値の使用 		CVE-2021-27378 2021-11-11 12:18 2021-02-12 Show GitHub Exploit DB Packet Storm
134346 9.8 緊急
Network 		YottaDB yottadb RUST 用 yottadb crate における解放済みメモリの使用に関する脆弱性 CWE-416
解放済みメモリの使用 		CVE-2021-27377 2021-11-11 12:18 2021-02-9 Show GitHub Exploit DB Packet Storm
134347 9.8 緊急
Network 		nb-connect project nb-connect RUST 用 nb-connect crate におけるバッファエラーの脆弱性 CWE-119
バッファエラー 		CVE-2021-27376 2021-11-11 12:17 2021-02-14 Show GitHub Exploit DB Packet Storm
134348 7.5 重要
Network 		VertiGIS WebOffice VertiGIS WebOffice における脆弱性 CWE-noinfo
情報不足 		CVE-2021-27374 2021-11-11 12:17 2021-02-2 Show GitHub Exploit DB Packet Storm
134349 9.1 緊急
Network 		Lumis Lumis Experience Platform LumisXP における XML 外部エンティティの脆弱性 CWE-611
XML 外部エンティティ参照の不適切な制限 		CVE-2021-27931 2021-11-11 12:16 2021-03-3 Show GitHub Exploit DB Packet Storm
134350 7.5 重要
Network 		AdGuard AdGuard Home AdGuard における過度な認証試行の不適切な制限に関する脆弱性 CWE-307
過度な認証試行の不適切な制限 		CVE-2021-27935 2021-11-11 11:52 2021-03-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 30, 2026, 4:22 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
811 8.8 HIGH
Network 		jenkins official_owasp_zap Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary c… New CWE-610
Externally Controlled Reference to a Resource in Another Sphere 		CVE-2026-57301 2026-06-27 04:06 2026-06-24 Show GitHub Exploit DB Packet Storm
812 4.3 MEDIUM
Network 		jenkins fitnesse Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to t… New CWE-256
Plaintext Storage of a Password  		CVE-2026-57302 2026-06-27 04:05 2026-06-24 Show GitHub Exploit DB Packet Storm
813 4.2 MEDIUM
Network 		jenkins zowe_zdevops A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified… New CWE-352
 Origin Validation Error 		CVE-2026-57306 2026-06-27 04:05 2026-06-24 Show GitHub Exploit DB Packet Storm
814 4.2 MEDIUM
Network 		jenkins zowe_zdevops A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-spe… New CWE-862
 Missing Authorization 		CVE-2026-57307 2026-06-27 04:05 2026-06-24 Show GitHub Exploit DB Packet Storm
815 7.5 HIGH
Network 		shell-quote_project shell-quote shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a resu… New CWE-407
 Inefficient Algorithmic Complexity 		CVE-2026-13311 2026-06-27 04:03 2026-06-25 Show GitHub Exploit DB Packet Storm
816 2.6 LOW
Network 		nokogiri nokogiri Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-… New CWE-178
CWE-184
CWE-611
 Improper Handling of Case Sensitivity
 Incomplete Blacklist
XXE 		CVE-2026-57234 2026-06-27 04:03 2026-06-26 Show GitHub Exploit DB Packet Storm
817 8.1 HIGH
Network 		librechat librechat LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user (or attacker with a stolen… New CWE-306
Missing Authentication for Critical Function 		CVE-2026-54036 2026-06-27 04:02 2026-06-26 Show GitHub Exploit DB Packet Storm
818 8.8 HIGH
Network 		dokku dokku Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filen… New CWE-95
Eval Injection 		CVE-2026-45406 2026-06-27 04:01 2026-06-27 Show GitHub Exploit DB Packet Storm
819 5.5 MEDIUM
Local 		freebsd freebsd When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The … New CWE-269
 Improper Privilege Management 		CVE-2026-45256 2026-06-27 03:58 2026-06-27 Show GitHub Exploit DB Packet Storm
820 7.5 HIGH
Network 		apache apache-airflow-providers-ftp The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was tran… New CWE-319
Cleartext Transmission of Sensitive Information 		CVE-2026-49486 2026-06-27 03:58 2026-06-26 Show GitHub Exploit DB Packet Storm