Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
221	5.3	警告 Network	JoomlaWorks Ltd.	K2	JoomlaWorks Ltd.のK2における危険なタイプのファイルの無制限アップロードに関する脆弱性 New	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2026-48945	2026-06-29 11:14	2026-06-25	Show	GitHub Exploit DB Packet Storm

222	6.3	警告 Network	JoomlaWorks Ltd.	K2	JoomlaWorks Ltd.のK2における危険なタイプのファイルの無制限アップロードに関する脆弱性 New	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2026-48946	2026-06-29 11:14	2026-06-25	Show	GitHub Exploit DB Packet Storm

223	6.5	警告 Network	struktur AG	libheif	struktur AGのlibheifにおける境界外読み取りに関する脆弱性 New	CWE-125 境界外読み取り	CVE-2026-49271	2026-06-29 11:14	2026-06-19	Show	GitHub Exploit DB Packet Storm

224	7.5	重要 Network	sunnyadn	js-toml	sunnyadnのjs-tomlにおける複数の脆弱性 New	CWE-1333 CWE-400 CWE-407	CVE-2026-49293	2026-06-29 11:14	2026-06-19	Show	GitHub Exploit DB Packet Storm

225	7.1	重要 Network	struktur AG	libde265	struktur AGのlibde265における境界外書き込みに関する脆弱性 New	CWE-787 境界外書き込み	CVE-2026-49295	2026-06-29 11:14	2026-06-19	Show	GitHub Exploit DB Packet Storm

226	7.1	重要 Network	struktur AG	libde265	struktur AGのlibde265における整数オーバーフローの脆弱性 New	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2026-49346	2026-06-29 11:14	2026-06-19	Show	GitHub Exploit DB Packet Storm

227	3.6	低 Local	Babel	Babel	Babelにおける複数の脆弱性 New	CWE-200 CWE-22	CVE-2026-49356	2026-06-29 11:14	2026-06-22	Show	GitHub Exploit DB Packet Storm

228	8.4	重要 Local	Deno Land	Deno	Deno Land Inc.のDenoにおける複数の脆弱性 New	CWE-176 CWE-41	CVE-2026-49401	2026-06-29 11:14	2026-06-23	Show	GitHub Exploit DB Packet Storm

229	8.1	重要 Network	Deno Land	Deno	Deno Land Inc.のDenoにおけるOS コマンドインジェクションの脆弱性 New	CWE-78 OSコマンド・インジェクション	CVE-2026-49402	2026-06-29 11:14	2026-06-23	Show	GitHub Exploit DB Packet Storm

230	5.5	警告 Local	Deno Land	Deno	Deno Land Inc.のDenoにおけるパストラバーサルの脆弱性 New	CWE-22 パス・トラバーサル	CVE-2026-49406	2026-06-29 11:14	2026-06-23	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 30, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
256581	7.8	HIGH Local	linux	linux_kernel	The IPv6 fragmentation implementation in the Linux kernel through 4.11.1 does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial …	CWE-125 Out-of-bounds Read	CVE-2017-9074	2024-11-21 12:35	2017-05-19	Show	GitHub Exploit DB Packet Storm

256582	6.1	MEDIUM Network	calendarxp	popcalendarxp flatcalendarxp	Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in…	CWE-79 Cross-site Scripting	CVE-2017-9072	2024-11-21 12:35	2017-05-19	Show	GitHub Exploit DB Packet Storm

256583	4.7	MEDIUM Network	modx	modx_revolution	In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such…	CWE-79 Cross-site Scripting	CVE-2017-9071	2024-11-21 12:35	2017-05-19	Show	GitHub Exploit DB Packet Storm

256584	5.4	MEDIUM Network	modx	modx_revolution	In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.	CWE-79 Cross-site Scripting	CVE-2017-9070	2024-11-21 12:35	2017-05-19	Show	GitHub Exploit DB Packet Storm

256585	8.8	HIGH Network	modx	modx_revolution	In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2017-9069	2024-11-21 12:35	2017-05-19	Show	GitHub Exploit DB Packet Storm

256586	6.1	MEDIUM Network	modx	modx_revolution	In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.	CWE-79 Cross-site Scripting	CVE-2017-9068	2024-11-21 12:35	2017-05-19	Show	GitHub Exploit DB Packet Storm

256587	7.0	HIGH Local	modx php	modx_revolution php	In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/i…	CWE-22 Path Traversal	CVE-2017-9067	2024-11-21 12:35	2017-05-19	Show	GitHub Exploit DB Packet Storm

256588	8.6	HIGH Network	wordpress debian	wordpress debian_linux	In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2017-9066	2024-11-21 12:35	2017-05-18	Show	GitHub Exploit DB Packet Storm

256589	7.5	HIGH Network	wordpress debian	wordpress debian_linux	In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.	CWE-20 Improper Input Validation	CVE-2017-9065	2024-11-21 12:35	2017-05-18	Show	GitHub Exploit DB Packet Storm

256590	8.8	HIGH Network	wordpress debian	wordpress debian_linux	In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.	CWE-352 Origin Validation Error	CVE-2017-9064	2024-11-21 12:35	2017-05-18	Show	GitHub Exploit DB Packet Storm