Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 29, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
242611	4.9	警告	IBM	-	Windows 上で稼働する IBM IDS におけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2007-5957	2012-09-25 16:59	2007-11-14	Show	GitHub Exploit DB Packet Storm

242612	7.2	危険	IBM	-	IBM IDS におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2007-5956	2012-09-25 16:59	2007-11-14	Show	GitHub Exploit DB Packet Storm

242613	4.3	警告	jlmforo system	-	JLMForo System の buscador.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-5954	2012-09-25 16:59	2007-11-13	Show	GitHub Exploit DB Packet Storm

242614	4.3	警告	helioscalendar	-	Helios Calendar の admin/index.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-5952	2012-09-25 16:59	2007-11-13	Show	GitHub Exploit DB Packet Storm

242615	3.5	注意	IBM	-	IBM Tivoli Service Desk におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-5949	2012-09-25 16:59	2007-11-13	Show	GitHub Exploit DB Packet Storm

242616	10	危険	Heimdal	-	Heimdal の gss_userok 関数における脆弱性	CWE-119 バッファエラー	CVE-2007-5939	2012-09-25 16:59	2007-12-6	Show	GitHub Exploit DB Packet Storm

242617	4.3	警告	PEAR	-	PEAR MDB2 の LOB 機能における MDB2 を使用される脆弱性	CWE-200 CWE-DesignError	CVE-2007-5934	2012-09-25 16:59	2007-02-4	Show	GitHub Exploit DB Packet Storm

242618	5	警告	OrangeHRM	-	OrangeHRM の lib/controllers/RepViewController.php におけるデータへのアクセス権を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2007-5931	2012-09-25 16:59	2007-11-10	Show	GitHub Exploit DB Packet Storm

242619	9	危険	Openbase International	-	OpenBase におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2007-5929	2012-09-25 16:59	2007-11-9	Show	GitHub Exploit DB Packet Storm

242620	9	危険	Openbase International	-	OpenBase における任意のメモリ領域を開放される脆弱性	CWE-119 CWE-20	CVE-2007-5928	2012-09-25 16:59	2007-11-9	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1451	8.3	HIGH Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI lets an authenticated user attach arbitrary file_id values to their own c…	CWE-284 CWE-639 CWE-862 Improper Access Control Authorization Bypass Through User-Controlled Key Missing Authorization	CVE-2026-54010	2026-06-25 22:34	2026-06-24	Show	GitHub Exploit DB Packet Storm

1452	5.4	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6,Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and i…	CWE-79 Cross-site Scripting	CVE-2026-54011	2026-06-25 22:33	2026-06-24	Show	GitHub Exploit DB Packet Storm

1453	8.8	HIGH Network	-	-	The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to p…	-	CVE-2026-5305	2026-06-25 22:28	2026-06-25	Show	GitHub Exploit DB Packet Storm

1454	7.5	HIGH Network	-	-	The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowi…	-	CVE-2026-9702	2026-06-25 22:28	2026-06-25	Show	GitHub Exploit DB Packet Storm

1455	5.5	MEDIUM Local	-	-	Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may a…	CWE-782 Exposed IOCTL with Insufficient Access Control	CVE-2026-56129	2026-06-25 22:28	2026-06-25	Show	GitHub Exploit DB Packet Storm

1456	-		-	-	Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: 2.8.0. Users are recommended to upgrade to version 2.16.0, which fixe…	CWE-280 Improper Handling of Insufficient Permissions or Privileges	CVE-2026-41566	2026-06-25 22:27	2026-06-25	Show	GitHub Exploit DB Packet Storm

1457	-		-	-	Relative Path Traversal vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 1.0.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.	CWE-23 Relative Path Traversal	CVE-2026-45188	2026-06-25 22:27	2026-06-25	Show	GitHub Exploit DB Packet Storm

1458	-		-	-	A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.2.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.	-	CVE-2026-46751	2026-06-25 22:27	2026-06-25	Show	GitHub Exploit DB Packet Storm

1459	-		-	-	Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fix…	CWE-122 Heap-based Buffer Overflow	CVE-2026-46752	2026-06-25 22:27	2026-06-25	Show	GitHub Exploit DB Packet Storm

1460	-		-	-	When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://www.cve.or…	CWE-289 Authentication Bypass by Alternate Name	CVE-2026-56091	2026-06-25 22:27	2026-06-25	Show	GitHub Exploit DB Packet Storm