Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 1, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
232571 7.5 危険 portix-php - Portix-PHP の login コンポーネントにおける SQL インジェクションの脆弱性 - CVE-2006-6935 2012-12-20 18:18 2007-01-16 Show GitHub Exploit DB Packet Storm
232572 6.8 警告 portix-php - Portix-PHP におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-6934 2012-12-20 18:18 2007-01-16 Show GitHub Exploit DB Packet Storm
232573 5 警告 Snort.org - Snort におけるサービス運用妨害 (DoS) の脆弱性 - CVE-2006-6931 2012-12-20 18:18 2007-01-16 Show GitHub Exploit DB Packet Storm
232574 6.8 警告 sage-mozdev - Firefox Sage エクステンションにおけるローカルコンテキストの任意の Javascript を実行される脆弱性 - CVE-2006-6919 2012-12-20 18:18 2007-01-11 Show GitHub Exploit DB Packet Storm
232575 7.5 危険 phpMyFAQ - phpMyFAQ における任意の PHP スクリプトをアップロードされる脆弱性 - CVE-2006-6913 2012-12-20 18:18 2006-12-15 Show GitHub Exploit DB Packet Storm
232576 7.5 危険 phpMyFAQ - phpMyFAQ における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2006-6912 2012-12-20 18:02 2006-12-15 Show GitHub Exploit DB Packet Storm
232577 10 危険 東芝 - Toshiba Bluetooth スタックにおける管理者アクセス権限を取得される脆弱性 - CVE-2006-6903 2012-12-20 18:02 2006-12-31 Show GitHub Exploit DB Packet Storm
232578 5.4 警告 widcomm - Widcomm BTW におけるディレクトリトラバーサルの脆弱性 - CVE-2006-6897 2012-12-20 18:02 2006-12-31 Show GitHub Exploit DB Packet Storm
232579 5.4 警告 plantronic - Plantronic Headset の Bluetooth スタックにおける許可されていない組み合わせ操作を実行される脆弱性 - CVE-2006-6896 2012-12-20 18:02 2006-12-31 Show GitHub Exploit DB Packet Storm
232580 2.9 注意 sony ericsson - Sony Ericsson T60 の Bluetooth スタックにおける許可されていない問い合わせ応答へのアクセス権を取得される脆弱性 - CVE-2006-6895 2012-12-20 18:02 2006-12-31 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 1, 2026, 4:12 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
361 9.9 CRITICAL
Network 		- - Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.5 and earlier, a critical path traversal vulnerability exists in Dokploy v0.26.5 that allows authenticated users to write arbitr… New CWE-22
CWE-35
Path Traversal
 Path Traversal: '.../...//' 		CVE-2026-45661 2026-05-30 03:17 2026-05-30 Show GitHub Exploit DB Packet Storm
362 5.4 MEDIUM
Network 		- - Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.22 and 6.18.1, the Glide image proxy's URL validation could be bypassed using an IP representation that wasn't nor… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-45660 2026-05-30 03:17 2026-05-30 Show GitHub Exploit DB Packet Storm
363 9.9 CRITICAL
Network 		- - Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.6 and earlier, Dokploy contains a command injection vulnerability in the /docker-container-logs WebSocket endpoint. The tail and… New CWE-78
OS Command  		CVE-2026-45633 2026-05-30 03:17 2026-05-30 Show GitHub Exploit DB Packet Storm
364 9.9 CRITICAL
Network 		- - Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, up… New CWE-78
CWE-269
CWE-862
OS Command 
 Improper Privilege Management
 Missing Authorization 		CVE-2026-45632 2026-05-30 03:17 2026-05-30 Show GitHub Exploit DB Packet Storm
365 10.0 CRITICAL
Network 		- - Dokploy is a free, self-hostable Platform as a Service (PaaS). From 0.27.0 to before 0.29.3, a hardcoded BETTER_AUTH_SECRET fallback ("better-auth-secret-123456789") lets an unauthenticated attacker … New CWE-798
 Use of Hard-coded Credentials 		CVE-2026-45631 2026-05-30 03:17 2026-05-30 Show GitHub Exploit DB Packet Storm
366 9.0 CRITICAL
Network 		- - Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the application.updateTraefikConfig tRPC endpoint allows admin/owner users … New CWE-78
OS Command  		CVE-2026-45630 2026-05-30 03:17 2026-05-30 Show GitHub Exploit DB Packet Storm
367 9.9 CRITICAL
Network 		- - Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.28.8 and earlier, authenticated OS command injection in the /listen-deployment WebSocket endpoint allows any organization member to… New CWE-78
OS Command  		CVE-2026-45629 2026-05-30 03:17 2026-05-30 Show GitHub Exploit DB Packet Storm
368 9.6 CRITICAL
Network 		- - Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.29.2 and earlier, Dokploy constructs shell commands using JavaScript template literals and executes them via child_process.exec() (… New CWE-20
CWE-77
 Improper Input Validation 
Command Injection 		CVE-2026-45628 2026-05-30 03:17 2026-05-30 Show GitHub Exploit DB Packet Storm
369 8.2 HIGH
Network 		- - Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query param… New CWE-79
Cross-site Scripting 		CVE-2026-45627 2026-05-30 03:17 2026-05-30 Show GitHub Exploit DB Packet Storm
370 6.3 MEDIUM
Network 		- - Arcane is an interface for managing Docker containers, images, networks, and volumes. In 1.18.1 and earlier, GET /environments/{id}/volumes/{volumeName}/browse accepts a path query parameter that is … New CWE-78
OS Command  		CVE-2026-45626 2026-05-30 03:17 2026-05-30 Show GitHub Exploit DB Packet Storm