Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
221 5.3 警告
Network 		JoomlaWorks Ltd. K2 JoomlaWorks Ltd.のK2における危険なタイプのファイルの無制限アップロードに関する脆弱性 New CWE-434
危険なタイプのファイルの無制限アップロード 		CVE-2026-48945 2026-06-29 11:14 2026-06-25 Show GitHub Exploit DB Packet Storm
222 6.3 警告
Network 		JoomlaWorks Ltd. K2 JoomlaWorks Ltd.のK2における危険なタイプのファイルの無制限アップロードに関する脆弱性 New CWE-434
危険なタイプのファイルの無制限アップロード 		CVE-2026-48946 2026-06-29 11:14 2026-06-25 Show GitHub Exploit DB Packet Storm
223 6.5 警告
Network 		struktur AG libheif struktur AGのlibheifにおける境界外読み取りに関する脆弱性 New CWE-125
境界外読み取り 		CVE-2026-49271 2026-06-29 11:14 2026-06-19 Show GitHub Exploit DB Packet Storm
224 7.5 重要
Network 		sunnyadn js-toml sunnyadnのjs-tomlにおける複数の脆弱性 New CWE-1333
CWE-400
CWE-407
CVE-2026-49293 2026-06-29 11:14 2026-06-19 Show GitHub Exploit DB Packet Storm
225 7.1 重要
Network 		struktur AG libde265 struktur AGのlibde265における境界外書き込みに関する脆弱性 New CWE-787
境界外書き込み 		CVE-2026-49295 2026-06-29 11:14 2026-06-19 Show GitHub Exploit DB Packet Storm
226 7.1 重要
Network 		struktur AG libde265 struktur AGのlibde265における整数オーバーフローの脆弱性 New CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2026-49346 2026-06-29 11:14 2026-06-19 Show GitHub Exploit DB Packet Storm
227 3.6
Local 		Babel Babel Babelにおける複数の脆弱性 New CWE-200
CWE-22
CVE-2026-49356 2026-06-29 11:14 2026-06-22 Show GitHub Exploit DB Packet Storm
228 8.4 重要
Local 		Deno Land Deno Deno Land Inc.のDenoにおける複数の脆弱性 New CWE-176
CWE-41
CVE-2026-49401 2026-06-29 11:14 2026-06-23 Show GitHub Exploit DB Packet Storm
229 8.1 重要
Network 		Deno Land Deno Deno Land Inc.のDenoにおけるOS コマンドインジェクションの脆弱性 New CWE-78
OSコマンド・インジェクション 		CVE-2026-49402 2026-06-29 11:14 2026-06-23 Show GitHub Exploit DB Packet Storm
230 5.5 警告
Local 		Deno Land Deno Deno Land Inc.のDenoにおけるパストラバーサルの脆弱性 New CWE-22
パス・トラバーサル 		CVE-2026-49406 2026-06-29 11:14 2026-06-23 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 30, 2026, 4:22 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
254271 9.8 CRITICAL
Network 		megamek megamek MegaMek version < v0.45.1 contains a Other/Unknown vulnerability in Object Stream Connection that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution. CWE-502
 Deserialization of Untrusted Data 		CVE-2018-1000824 2024-11-21 12:40 2018-12-21 Show GitHub Exploit DB Packet Storm
254272 10.0 CRITICAL
Network 		exist-db exist exist version <= 5.0.0-RC4 contains a XML External Entity (XXE) vulnerability in XML Parser for REST Server that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. CWE-611
XXE 		CVE-2018-1000823 2024-11-21 12:40 2018-12-21 Show GitHub Exploit DB Packet Storm
254273 10.0 CRITICAL
Network 		codelibs fess codelibs fess version before commit faa265b contains a XML External Entity (XXE) vulnerability in GSA XML file parser that can result in Disclosure of confidential data, denial of service, SSRF, port… CWE-611
XXE 		CVE-2018-1000822 2024-11-21 12:40 2018-12-21 Show GitHub Exploit DB Packet Storm
254274 10.0 CRITICAL
Network 		micromathematics_project micromathematics MicroMathematics version before commit 5c05ac8 contains a XML External Entity (XXE) vulnerability in SMathStudio files that can result in Disclosure of confidential data, denial of service, SSRF, por… CWE-611
XXE 		CVE-2018-1000821 2024-11-21 12:40 2018-12-21 Show GitHub Exploit DB Packet Storm
254275 10.0 CRITICAL
Network 		neo4j awesome_procedures_on_cyper neo4j-contrib neo4j-apoc-procedures version before commit 45bc09c contains a XML External Entity (XXE) vulnerability in XML Parser that can result in Disclosure of confidential data, denial of servic… CWE-611
XXE 		CVE-2018-1000820 2024-11-21 12:40 2018-12-21 Show GitHub Exploit DB Packet Storm
254276 5.4 MEDIUM
Network 		grafana grafana Grafana version confirmed for 5.2.4 and 5.3.0 contains a Cross Site Scripting (XSS) vulnerability in Influxdb and Graphite query editor that can result in Running arbitrary js code in victims browser… CWE-79
Cross-site Scripting 		CVE-2018-1000816 2024-11-21 12:40 2018-12-21 Show GitHub Exploit DB Packet Storm
254277 4.3 MEDIUM
Network 		brave brave Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that can result … CWE-20
 Improper Input Validation  		CVE-2018-1000815 2024-11-21 12:40 2018-12-21 Show GitHub Exploit DB Packet Storm
254278 7.5 HIGH
Network 		asset_pipeline_project asset-pipeline Asset Pipeline Grails Plugin Asset-pipeline plugin version Prior to 2.14.1.1, 2.15.1 and 3.0.6 contains a Incorrect Access Control vulnerability in Applications deployed in Jetty that can result in D… CWE-22
Path Traversal 		CVE-2018-1000817 2024-11-21 12:40 2018-12-21 Show GitHub Exploit DB Packet Storm
254279 6.5 MEDIUM
Network 		aiohttp-session_project aiohttp-session aio-libs aiohttp-session version 2.6.0 and earlier contains a Other/Unknown vulnerability in EncryptedCookieStorage and NaClCookieStorage that can result in Non-expiring sessions / Infinite lifespan.… CWE-613
 Insufficient Session Expiration 		CVE-2018-1000814 2024-11-21 12:40 2018-12-21 Show GitHub Exploit DB Packet Storm
254280 4.8 MEDIUM
Network 		backdropcms backdrop_cms Backdrop CMS version 1.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Sanitization of custom class names used on blocks and layouts. that can result in Execution of JavaScrip… CWE-79
Cross-site Scripting 		CVE-2018-1000813 2024-11-21 12:40 2018-12-21 Show GitHub Exploit DB Packet Storm