Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 19, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
224891	3.6	注意	Avahi	-	Avahi におけるサービス運用妨害 (DoS) の脆弱性	-	CVE-2006-2288	2013-12-26 15:44	2006-05-10	Show	GitHub Exploit DB Packet Storm

224892	5	警告	acftp	-	acFTP におけるサービス運用妨害 (DoS) の脆弱性	-	CVE-2006-2242	2013-12-26 15:44	2006-05-9	Show	GitHub Exploit DB Packet Storm

224893	2.1	注意	bitrock ProcessOne	-	Process-one ejabberd を含む製品で使用されるサードパーティ製インストーラ生成ツールにおけるサービス運用妨害 (DoS) の脆弱性	-	CVE-2006-2221	2013-12-26 15:44	2006-05-5	Show	GitHub Exploit DB Packet Storm

224894	5	警告	321soft	-	321soft PhP-Gallery の index.php における絶対パストラバーサルの脆弱性	-	CVE-2006-2211	2013-12-26 15:44	2006-05-5	Show	GitHub Exploit DB Packet Storm

224895	5	警告	VWar	-	Virtual War の admin.php における重要な情報を取得される脆弱性	-	CVE-2006-2091	2013-12-26 15:44	2006-04-29	Show	GitHub Exploit DB Packet Storm

224896	5	警告	Invision Power Services, Inc	-	Invision Power Board の action_public/search.php における任意の PHP コードを実行される脆弱性	-	CVE-2006-2059	2013-12-26 15:44	2006-04-26	Show	GitHub Exploit DB Packet Storm

224897	5	警告	avant force	-	Avant Browser におけるコマンドライン引数を変更される脆弱性	-	CVE-2006-2058	2013-12-26 15:44	2006-04-26	Show	GitHub Exploit DB Packet Storm

224898	7.1	危険	WinSCP	-	WinSCP における任意のファイルをアップロードされる脆弱性	CWE-94 コード・インジェクション	CVE-2006-3015	2013-12-26 15:44	2006-06-14	Show	GitHub Exploit DB Packet Storm

224899	5	警告	alan ward	-	A-CART におけるユーザ名およびパスワードの情報を取得される脆弱性	-	CVE-2006-2948	2013-12-26 15:44	2006-06-12	Show	GitHub Exploit DB Packet Storm

224900	6	警告	KDE project	-	aRts の artswrapper における root 権限を取得される脆弱性	-	CVE-2006-2916	2013-12-26 15:44	2006-06-15	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 19, 2026, 4:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
3161	6.5	MEDIUM Network	koha	koha	Koha versions up to 25.11 contain a Server-Side Request Forgery (SSRF) vulnerability via the Z39.50/SRU server configuration. This allows authenticated attackers to perform internal network scanning …	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-26379	2026-06-5 03:54	2026-06-4	Show	GitHub Exploit DB Packet Storm

3162	8.1	HIGH Network	shopify	react-router	React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through extern…	CWE-502 Deserialization of Untrusted Data	CVE-2026-42211	2026-06-5 03:50	2026-06-3	Show	GitHub Exploit DB Packet Storm

3163	5.4	MEDIUM Network	koha	koha	Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features	CWE-79 Cross-site Scripting	CVE-2026-26378	2026-06-5 03:49	2026-06-4	Show	GitHub Exploit DB Packet Storm

3164	6.1	MEDIUM Network	shopify	react-router	React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to p…	CWE-601 Open Redirect	CVE-2026-40181	2026-06-5 03:46	2026-06-3	Show	GitHub Exploit DB Packet Storm

3165	7.5	HIGH Network	shopify turbo-stream	react-router turbo_stream	React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-34077	2026-06-5 03:45	2026-06-3	Show	GitHub Exploit DB Packet Storm

3166	4.7	MEDIUM Network	shopify	react-router	React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS…	CWE-79 Cross-site Scripting	CVE-2026-33245	2026-06-5 03:43	2026-06-3	Show	GitHub Exploit DB Packet Storm

3167	7.3	HIGH Network	securly	securly	Version 3.0.7 of the Securly Chrome Extension contains hardcoded, plaintext AES passphrases in securly.min.js. These keys decrypt crisis alert keyword data and intervention site data.	CWE-798 Use of Hard-coded Credentials	CVE-2026-8876	2026-06-5 03:42	2026-06-4	Show	GitHub Exploit DB Packet Storm

3168	7.5	HIGH Network	securly	securly	Version 3.0.7 of the Securly Chrome Extension exposes multiple publicly accessible endpoints that allow unauthenticated access to sensitive data. The exposed information consists of SHA-1 hashes that…	CWE-326 Inadequate Encryption Strength	CVE-2026-8878	2026-06-5 03:42	2026-06-4	Show	GitHub Exploit DB Packet Storm

3169	7.5	HIGH Network	securly	securly	Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts() at runtime. This script is NOT declared in manif…	CWE-829 Inclusion of Functionality from Untrusted Control Sphere	CVE-2026-8879	2026-06-5 03:41	2026-06-4	Show	GitHub Exploit DB Packet Storm

3170	6.5	MEDIUM Network	libxls_project	libxls	libxls through version 1.6.3 contains a use of uninitialized memory vulnerability in the OLE container parser. Memory allocated for the Master Sector Allocation Table (MSAT) in read_MSAT() is not ful…	CWE-457 Use of Uninitialized Variable	CVE-2026-26824	2026-06-5 03:41	2026-06-4	Show	GitHub Exploit DB Packet Storm