Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 16, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2201	6.1	警告 Network	Joomla!	Joomla!	Joomla!におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-25901	2026-05-29 11:18	2026-05-26	Show	GitHub Exploit DB Packet Storm

2202	4.3	警告 Network	GitLab.org	GitLab	GitLab.orgのGitLabにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2026-2601	2026-05-29 11:18	2026-05-27	Show	GitHub Exploit DB Packet Storm

2203	7.5	重要 Network	lfprojects	mlflow	lfprojectsのmlflowにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-2614	2026-05-29 11:17	2026-05-11	Show	GitHub Exploit DB Packet Storm

2204	7.7	重要 Network	マイクロソフト	Azure Stack HCI	Azure Stack HCI の情報漏えいの脆弱性	CWE-20 不適切な入力確認	CVE-2026-26147	2026-05-29 11:17	2026-05-22	Show	GitHub Exploit DB Packet Storm

2205	8.8	重要 Network	NervesHub	NervesHub	NervesHubにおける複数の脆弱性	CWE-285 CWE-668	CVE-2026-28806	2026-05-29 11:17	2026-03-10	Show	GitHub Exploit DB Packet Storm

2206	7.5	重要 Network	Gleam-wisp	Wisp	Gleam-wispのWispにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-28807	2026-05-29 11:17	2026-03-10	Show	GitHub Exploit DB Packet Storm

2207	6.1	警告 Network	Joomla!	Joomla!	Joomla!におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-30894	2026-05-29 11:17	2026-05-26	Show	GitHub Exploit DB Packet Storm

2208	6.1	警告 Network	Joomla!	Joomla!	Joomla!におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-30895	2026-05-29 11:17	2026-05-26	Show	GitHub Exploit DB Packet Storm

2209	9.8	緊急 Network	マイクロソフト	Microsoft Entra ID	Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability	CWE-288 代替パスまたはチャネルを使用した認証回避	CVE-2026-33843	2026-05-29 11:17	2026-05-22	Show	GitHub Exploit DB Packet Storm

2210	4.3	警告 Network	Joomla!	Joomla!	Joomla!におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2026-35220	2026-05-29 11:17	2026-05-26	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 17, 2026, 4:19 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
319701	9.8	CRITICAL Network	ivanti	virtual_traffic_management	Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel.	CWE-287 Improper Authentication	CVE-2024-7593	2024-09-25 10:00	2024-08-14	Show	GitHub Exploit DB Packet Storm

319702	5.5	MEDIUM Local	apple	macos	A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access protected user data.	CWE-281 Improper Preservation of Permissions	CVE-2024-44188	2024-09-25 05:38	2024-09-17	Show	GitHub Exploit DB Packet Storm

319703	5.5	MEDIUM Local	apple	macos	A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15. An app may be able to access user-sensitive data.	CWE-281 Improper Preservation of Permissions	CVE-2024-40859	2024-09-25 05:31	2024-09-17	Show	GitHub Exploit DB Packet Storm

319704	7.5	HIGH Network	zitadel	zitadel	Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. Deactivated service accounts retained the ability t…	NVD-CWE-noinfo	CVE-2024-47000	2024-09-25 05:25	2024-09-20	Show	GitHub Exploit DB Packet Storm

319705	6.5	MEDIUM Network	zitadel	zitadel	Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants were still provided in token, which could lead to …	NVD-CWE-noinfo	CVE-2024-46999	2024-09-25 05:20	2024-09-20	Show	GitHub Exploit DB Packet Storm

319706	7.5	HIGH Network	envoyproxy	envoy	Envoy is a cloud-native high-performance edge/middle/service proxy. Jwt filter will lead to an Envoy crash when clear route cache with remote JWKs. In the following case: 1. remote JWKs are used, whi…	CWE-476 NULL Pointer Dereference	CVE-2024-45809	2024-09-25 05:12	2024-09-20	Show	GitHub Exploit DB Packet Storm

319707	7.5	HIGH Network	envoyproxy	envoy	Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy will crash when the http async client is handling `sendLocalReply` under some circumstance, e.g., websocket upgrade, and requ…	NVD-CWE-noinfo	CVE-2024-45810	2024-09-25 04:48	2024-09-20	Show	GitHub Exploit DB Packet Storm

319708	4.8	MEDIUM Network	mage-people	bus_ticket_booking_with_seat_reservation	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Stored XSS.This issue affe…	CWE-79 Cross-site Scripting	CVE-2024-43985	2024-09-25 04:33	2024-09-18	Show	GitHub Exploit DB Packet Storm

319709	6.1	MEDIUM Network	couchbase	couchbase_server	Couchbase Server 7.6.x before 7.6.2, 7.2.x before 7.2.6, and all earlier versions allows HTTP Host header injection.	CWE-74 Injection	CVE-2024-25673	2024-09-25 04:08	2024-09-20	Show	GitHub Exploit DB Packet Storm

319710	5.5	MEDIUM Local	apple	macos ipados iphone_os visionos tvos watchos	A logic error was addressed with improved error handling. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, watchOS 11, macOS Sequoia 15, iOS 18 and iPadOS 18, macOS So…	NVD-CWE-noinfo	CVE-2024-44183	2024-09-25 04:04	2024-09-17	Show	GitHub Exploit DB Packet Storm