Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1911	6.5	警告 Network	MongoDB Inc.	MongoDB	MongoDB Inc.のMongoDBにおける到達可能なアサーションに関する脆弱性	CWE-617 到達可能なアサーション	CVE-2026-9747	2026-06-16 13:34	2026-06-9	Show	GitHub Exploit DB Packet Storm

1912	6.5	警告 Network	MongoDB Inc.	MongoDB	MongoDB Inc.のMongoDBにおける到達可能なアサーションに関する脆弱性	CWE-617 到達可能なアサーション	CVE-2026-9748	2026-06-16 13:34	2026-06-9	Show	GitHub Exploit DB Packet Storm

1913	6.5	警告 Network	MongoDB Inc.	MongoDB	MongoDB Inc.のMongoDBにおける到達可能なアサーションに関する脆弱性	CWE-617 到達可能なアサーション	CVE-2026-9750	2026-06-16 13:34	2026-06-9	Show	GitHub Exploit DB Packet Storm

1914	7.2	重要 Network	ThingsBoard, Inc.	ThingsBoard	ThingsBoardにおけるプロトタイプ汚染の脆弱性	CWE-Other その他	CVE-2026-53676	2026-06-16 12:16	2026-06-16	Show	GitHub Exploit DB Packet Storm

1915	8.7	重要 Network	GitLab.org	GitLab	GitLab.orgのGitLabにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-10087	2026-06-15 18:37	2026-06-11	Show	GitHub Exploit DB Packet Storm

1916	4.3	警告 Network	GitLab.org	GitLab	GitLab.orgのGitLabにおけるレンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限に関する脆弱性	CWE-1021 レンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限	CVE-2026-10733	2026-06-15 18:37	2026-06-11	Show	GitHub Exploit DB Packet Storm

1917	6.5	警告 Network	GitLab.org	GitLab	GitLab.orgのGitLabにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-1500	2026-06-15 18:37	2026-06-11	Show	GitHub Exploit DB Packet Storm

1918	3.1	低 Network	GitLab.org	GitLab	GitLab.orgのGitLabにおける不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2026-3553	2026-06-15 18:37	2026-06-11	Show	GitHub Exploit DB Packet Storm

1919	8.1	重要 Network	Netty	Netty	Nettyにおける複数の脆弱性	CWE-284 CWE-697	CVE-2026-44249	2026-06-15 18:37	2026-06-11	Show	GitHub Exploit DB Packet Storm

1920	7.5	重要 Network	Netty	Netty	Nettyにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2026-44250	2026-06-15 18:37	2026-06-11	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 30, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
731	6.1	MEDIUM Network	pylonsproject	webob	WebOb provides objects for HTTP requests and responses. Prior to 1.8.10, the normalization of the HTTP Location header during a redirect is vulnerable to an open redirect: WebOb joins the redirect ta…	CWE-601 Open Redirect	CVE-2026-44889	2026-06-27 05:08	2026-06-23	Show	GitHub Exploit DB Packet Storm

732	8.6	HIGH Network	chimurai	http-proxy-middleware	http-proxy-middleware is node.js http-proxy middleware. From 0.16.0 until 2.0.10, 3.0.6, and 4.1.0, http-proxy-middleware documents router proxy-table entries as host, path, or host+path selectors, b…	CWE-20 CWE-187 Improper Input Validation Partial String Comparison	CVE-2026-55602	2026-06-27 05:06	2026-06-23	Show	GitHub Exploit DB Packet Storm

733	7.5	HIGH Network	nltk	nltk	NLTK (Natural Language Toolkit) is a suite of open source Python modules, data sets, and tutorials supporting research and development in Natural Language Processing. Prior to 3.10.0-rc1, nltk.data.l…	CWE-22 Path Traversal	CVE-2026-54293	2026-06-27 05:06	2026-06-23	Show	GitHub Exploit DB Packet Storm

734	6.1	MEDIUM Network	ibm	engineering_workflow_management	IBM Engineering Workflow Management 7.0.2 through 7.0.2 Interim Fix 035, 7.0.3 through 7.0.3 Interim Fix 017, and 7.1 through 7.1 Interim Fix 004 is vulnerable to HTTP header injection, caused by imp…	CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax	CVE-2024-51454	2026-06-27 05:05	2026-06-23	Show	GitHub Exploit DB Packet Storm

735	5.5	MEDIUM Local	langchain	langchain	LangChain is a framework for building agents and LLM-powered applications. Prior to 1.3.9, several LangChain components that resolve filesystem paths or expand search patterns do not consistently con…	CWE-22 CWE-59 Path Traversal Link Following	CVE-2026-55443	2026-06-27 05:05	2026-06-23	Show	GitHub Exploit DB Packet Storm

736	3.6	LOW Local	babel	babel	Babel is a compiler for writing next generation JavaScript. Prior to 8.0.0-rc.6 and 7.29.6, @babel/core affected by an arbitrary file read via a sourceMappingURL comment. Using @babel/core to compile…	CWE-22 CWE-200 Path Traversal Information Exposure	CVE-2026-49356	2026-06-27 05:04	2026-06-23	Show	GitHub Exploit DB Packet Storm

737	7.5	HIGH Network	protobufjs_project	protobufjs	protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit while converting decoded messages to plain objects or…	CWE-674 Uncontrolled Recursion	CVE-2026-48712	2026-06-27 05:04	2026-06-23	Show	GitHub Exploit DB Packet Storm

738	5.5	MEDIUM Local	isaacs	tar	node-tar is a full-featured Tar for Node.js. Prior to 7.5.16, tar (node-tar) applies a PAX extended header's size= record (and other PAX overrides) to the next header entry of any type, including int…	CWE-436 Interpretation Conflict	CVE-2026-53655	2026-06-27 05:03	2026-06-23	Show	GitHub Exploit DB Packet Storm

739	8.2	HIGH Network	docling	docling	Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions >= 2.82.0, < 2.91.0, if the HTML backend was explicitly con…	CWE-94 CWE-918 Code Injection Server-Side Request Forgery (SSRF)	CVE-2026-44016	2026-06-27 05:02	2026-06-25	Show	GitHub Exploit DB Packet Storm

740	7.5	HIGH Network	faraday_project	faraday	Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query par…	CWE-674 Uncontrolled Recursion	CVE-2026-54297	2026-06-27 05:01	2026-06-25	Show	GitHub Exploit DB Packet Storm