Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 28, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
247871	6.8	警告	Drupal	-	Drupal 用の CVS management/tracker におけるクロスサイトスクリプティングの脆弱性	-	CVE-2006-6386	2012-06-26 15:38	2006-12-5	Show	GitHub Exploit DB Packet Storm

247872	7.5	危険	CA Technologies	-	複数の CA 製品の BrightStor Backup Discovery Service におけるバッファオーバーフローの脆弱性	-	CVE-2006-6379	2012-06-26 15:38	2006-12-8	Show	GitHub Exploit DB Packet Storm

247873	7.5	危険	awrate	-	awrate の login.php.inc における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2006-6368	2012-06-26 15:38	2006-12-7	Show	GitHub Exploit DB Packet Storm

247874	7.5	危険	duware	-	DUware DUdownload の detail.asp における SQL インジェクションの脆弱性	-	CVE-2006-6367	2012-06-26 15:38	2006-12-7	Show	GitHub Exploit DB Packet Storm

247875	6.8	警告	Cerberus, LLC	-	Cerberus Helpdesk の includes/elements/spellcheck/spellwin.php におけるクロスサイトスクリプティングの脆弱性	-	CVE-2006-6366	2012-06-26 15:38	2006-12-7	Show	GitHub Exploit DB Packet Storm

247876	7.5	危険	duware	-	DUware DUpaypal の detail.asp における SQL インジェクションの脆弱性	-	CVE-2006-6365	2012-06-26 15:38	2006-12-7	Show	GitHub Exploit DB Packet Storm

247877	6.8	警告	bluesocket	-	BlueSocket Secure Controller (BSC) の admin.pl におけるクロスサイトスクリプティングの脆弱性	-	CVE-2006-6363	2012-06-26 15:38	2006-12-7	Show	GitHub Exploit DB Packet Storm

247878	10	危険	bitflux	-	Bitflux Upload Progress Meter の uploadprogress_php_rfc1867_file 関数におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2006-6361	2012-06-26 15:38	2006-12-7	Show	GitHub Exploit DB Packet Storm

247879	10	危険	duware	-	DuWare DuClassmate の default.asp における SQL インジェクションの脆弱性	-	CVE-2006-6355	2012-06-26 15:38	2006-12-6	Show	GitHub Exploit DB Packet Storm

247880	7.5	危険	duware	-	DuWare DuNews の detail.asp における SQL インジェクションの脆弱性	-	CVE-2006-6354	2012-06-26 15:38	2006-12-6	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 29, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
511	8.1	HIGH Network	-	-	Budibase is an open-source low-code platform. Prior to 3.39.0, the single-datasource GET and PUT routes are guarded by generic TABLE READ, not by Builder/Admin permission or datasource-specific owner… New	CWE-863 Incorrect Authorization	CVE-2026-48152	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

512	9.0	CRITICAL Network	-	-	Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-… New	CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-48150	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

513	-		-	-	Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reser… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-48148	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

514	6.5	MEDIUM Network	-	-	Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex() / matches() functions in packages/backend-core/src/middleware/matchers.ts route patterns are compiled into unanc… New	CWE-185 CWE-352 Incorrect Regular Expression Origin Validation Error	CVE-2026-48147	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

515	-		-	-	Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-48128	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

516	7.6	HIGH Network	-	-	Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks … New	CWE-79 CWE-434 Cross-site Scripting Unrestricted Upload of File with Dangerous Type	CVE-2026-46426	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

517	9.9	CRITICAL Network	-	-	Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM (checks the Enterprise featu… New	CWE-862 Missing Authorization	CVE-2026-46425	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

518	6.5	MEDIUM Network	-	-	Budibase is an open-source low-code platform. Prior to 3.38.1, the V1 Views API (POST /api/views) accepts a calculation parameter from the request body that is interpolated directly into a CouchDB re… New	CWE-94 Code Injection	CVE-2026-45719	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

519	8.8	HIGH Network	-	-	Budibase is an open-source low-code platform. Prior to 3.38.1, Budibase exposes a REST API for datasource management. The route PUT /api/datasources/:datasourceId is registered in the authorizedRoute… New	CWE-862 Missing Authorization	CVE-2026-45717	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

520	8.8	HIGH Network	-	-	Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissio… New	CWE-269 Improper Privilege Management	CVE-2026-45716	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm