Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
242561	7.5	危険	kinson chan charray	-	Charray の CMS における PHP リモートファイルインクルージョンの脆弱性	CWE-20 不適切な入力確認	CVE-2007-6179	2012-09-25 16:59	2007-11-29	Show	GitHub Exploit DB Packet Storm

242562	7.5	危険	php con	-	PHP_CON の Exchange/include.php における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2007-6177	2012-09-25 16:59	2007-11-29	Show	GitHub Exploit DB Packet Storm

242563	4.3	警告	Liferay	-	Liferay Enterprise Portal の c/portal/login におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6173	2012-09-25 16:59	2007-11-29	Show	GitHub Exploit DB Packet Storm

242564	6.8	警告	iaprcommence	-	IAPR COMMENCE における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2007-6147	2012-09-25 16:59	2007-11-27	Show	GitHub Exploit DB Packet Storm

242565	6.8	警告	mp3	-	Mp3 ToolBox の index.php における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2007-6139	2012-09-25 16:59	2007-11-27	Show	GitHub Exploit DB Packet Storm

242566	7.5	危険	p3mbo	-	Content Injector の news.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-6137	2012-09-25 16:59	2007-11-27	Show	GitHub Exploit DB Packet Storm

242567	4.3	警告	m2scripts	-	M2Scripts の MySpace Sctipts Poll Creator におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6136	2012-09-25 16:59	2007-11-27	Show	GitHub Exploit DB Packet Storm

242568	10	危険	irc services	-	IRC Services における脆弱性	CWE-noinfo 情報不足	CVE-2007-6123	2012-09-25 16:59	2007-11-26	Show	GitHub Exploit DB Packet Storm

242569	5	警告	irc services	-	IRC Services の encrypt.c の default_encrypt 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2007-6122	2012-09-25 16:59	2007-11-26	Show	GitHub Exploit DB Packet Storm

242570	5	警告	ihu	-	IHU におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2007-6103	2012-09-25 16:59	2007-11-23	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 30, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1421	6.1	MEDIUM Network	nuxt	nuxt	Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 fail to validate script-capable URLs in the navigateTo open option, allowing client-side script execution. Attackers can supply javascript: URLs…	CWE-79 Cross-site Scripting	CVE-2026-56698	2026-06-26 01:56	2026-06-23	Show	GitHub Exploit DB Packet Storm

1422	6.1	MEDIUM Network	nuxt	nuxt	Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as //evil.com in the reloadNuxtApp function; these pass the script-protocol check but resolve to a cross-ori…	CWE-601 Open Redirect	CVE-2026-56697	2026-06-26 01:55	2026-06-23	Show	GitHub Exploit DB Packet Storm

1423	6.1	MEDIUM Network	nuxt	nuxt	Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 contain a server-side open redirect vulnerability in navigateTo that fails to properly validate path-normalized payloads like /..//evil.com and …	CWE-601 Open Redirect	CVE-2026-56326	2026-06-26 01:51	2026-06-23	Show	GitHub Exploit DB Packet Storm

1424	3.3	LOW Local	pypdf_project	pypdf	pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which …	CWE-407 Inefficient Algorithmic Complexity	CVE-2026-49460	2026-06-26 01:51	2026-06-23	Show	GitHub Exploit DB Packet Storm

1425	7.7	HIGH Network	flowiseai	flowise	Flowise before 3.1.2 contains an information disclosure vulnerability in the /api/v1/chatflows/apikey/:apikey endpoint. When the keyonly query parameter is omitted (the default), the endpoint returns…	CWE-863 Incorrect Authorization	CVE-2026-56268	2026-06-26 01:50	2026-06-23	Show	GitHub Exploit DB Packet Storm

1426	5.5	MEDIUM Local	pypdf_project	pypdf	pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text …	CWE-400 Uncontrolled Resource Consumption	CVE-2026-49461	2026-06-26 01:48	2026-06-23	Show	GitHub Exploit DB Packet Storm

1427	5.5	MEDIUM Local	pypdf_project	pypdf	pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in…	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2026-54530	2026-06-26 01:47	2026-06-23	Show	GitHub Exploit DB Packet Storm

1428	5.5	MEDIUM Local	pypdf_project	pypdf	pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with ou…	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2026-54531	2026-06-26 01:46	2026-06-23	Show	GitHub Exploit DB Packet Storm

1429	5.3	MEDIUM Network	-	-	Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures doe…	CWE-347 Improper Verification of Cryptographic Signature	CVE-2026-46349	2026-06-26 01:32	2026-06-25	Show	GitHub Exploit DB Packet Storm

1430	6.5	MEDIUM Network	-	-	Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures doe…	CWE-354 Improper Validation of Integrity Check Value	CVE-2026-48028	2026-06-26 01:32	2026-06-25	Show	GitHub Exploit DB Packet Storm