Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
221 5.3 警告
Network 		JoomlaWorks Ltd. K2 JoomlaWorks Ltd.のK2における危険なタイプのファイルの無制限アップロードに関する脆弱性 New CWE-434
危険なタイプのファイルの無制限アップロード 		CVE-2026-48945 2026-06-29 11:14 2026-06-25 Show GitHub Exploit DB Packet Storm
222 6.3 警告
Network 		JoomlaWorks Ltd. K2 JoomlaWorks Ltd.のK2における危険なタイプのファイルの無制限アップロードに関する脆弱性 New CWE-434
危険なタイプのファイルの無制限アップロード 		CVE-2026-48946 2026-06-29 11:14 2026-06-25 Show GitHub Exploit DB Packet Storm
223 6.5 警告
Network 		struktur AG libheif struktur AGのlibheifにおける境界外読み取りに関する脆弱性 New CWE-125
境界外読み取り 		CVE-2026-49271 2026-06-29 11:14 2026-06-19 Show GitHub Exploit DB Packet Storm
224 7.5 重要
Network 		sunnyadn js-toml sunnyadnのjs-tomlにおける複数の脆弱性 New CWE-1333
CWE-400
CWE-407
CVE-2026-49293 2026-06-29 11:14 2026-06-19 Show GitHub Exploit DB Packet Storm
225 7.1 重要
Network 		struktur AG libde265 struktur AGのlibde265における境界外書き込みに関する脆弱性 New CWE-787
境界外書き込み 		CVE-2026-49295 2026-06-29 11:14 2026-06-19 Show GitHub Exploit DB Packet Storm
226 7.1 重要
Network 		struktur AG libde265 struktur AGのlibde265における整数オーバーフローの脆弱性 New CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2026-49346 2026-06-29 11:14 2026-06-19 Show GitHub Exploit DB Packet Storm
227 3.6
Local 		Babel Babel Babelにおける複数の脆弱性 New CWE-200
CWE-22
CVE-2026-49356 2026-06-29 11:14 2026-06-22 Show GitHub Exploit DB Packet Storm
228 8.4 重要
Local 		Deno Land Deno Deno Land Inc.のDenoにおける複数の脆弱性 New CWE-176
CWE-41
CVE-2026-49401 2026-06-29 11:14 2026-06-23 Show GitHub Exploit DB Packet Storm
229 8.1 重要
Network 		Deno Land Deno Deno Land Inc.のDenoにおけるOS コマンドインジェクションの脆弱性 New CWE-78
OSコマンド・インジェクション 		CVE-2026-49402 2026-06-29 11:14 2026-06-23 Show GitHub Exploit DB Packet Storm
230 5.5 警告
Local 		Deno Land Deno Deno Land Inc.のDenoにおけるパストラバーサルの脆弱性 New CWE-22
パス・トラバーサル 		CVE-2026-49406 2026-06-29 11:14 2026-06-23 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
254241 7.5 HIGH
Network 		lms lms lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be … CWE-200
Information Exposure 		CVE-2018-1000535 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254242 6.1 MEDIUM
Network 		joplin_project joplin Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Not… CWE-79
Cross-site Scripting 		CVE-2018-1000534 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254243 9.8 CRITICAL
Network 		gitlist gitlist klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This att… CWE-20
 Improper Input Validation  		CVE-2018-1000533 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254244 4.7 MEDIUM
Local 		beep_project beep beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by oth… CWE-22
Path Traversal 		CVE-2018-1000532 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254245 7.5 HIGH
Network 		inversoft prime-jwt inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT… CWE-20
 Improper Input Validation  		CVE-2018-1000531 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254246 6.1 MEDIUM
Network 		grails grails_fields Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8. CWE-79
Cross-site Scripting 		CVE-2018-1000529 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254247 6.1 MEDIUM
Network 		debian
gonicus 		debian_linux
gosa 		GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in in… CWE-79
Cross-site Scripting 		CVE-2018-1000528 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254248 7.2 HIGH
Network 		froxlor froxlor Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be ex… CWE-502
 Deserialization of Untrusted Data 		CVE-2018-1000527 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254249 7.5 HIGH
Network 		openpsa2 openpsa Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulner… CWE-91
Blind XPath Injection 		CVE-2018-1000526 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254250 9.8 CRITICAL
Network 		openpsa2 openpsa openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to … CWE-502
 Deserialization of Untrusted Data 		CVE-2018-1000525 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm