Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
251521	6	警告	Drupal	-	Drupal 用の Acidfree モジュールにおける任意の SQL コマンドを実行される脆弱性	-	CVE-2007-0507	2012-06-26 15:46	2007-01-23	Show	GitHub Exploit DB Packet Storm

251522	6	警告	Drupal	-	Drupal 用の Project issue tracking モジュールにおけるアクセスコントロールモジュールを回避される脆弱性	-	CVE-2007-0506	2012-06-26 15:46	2007-01-23	Show	GitHub Exploit DB Packet Storm

251523	8.5	危険	Drupal	-	Drupal 用の Project issue tracking モジュールにおける任意のコードを実行される脆弱性	-	CVE-2007-0505	2012-06-26 15:46	2007-01-23	Show	GitHub Exploit DB Packet Storm

251524	7.5	危険	bradabra	-	Bradabra の include/includes.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-0500	2012-06-26 15:46	2007-01-25	Show	GitHub Exploit DB Packet Storm

251525	7.5	危険	enthusiast	-	Enthusiast における SQL インジェクションの脆弱性	-	CVE-2007-0484	2012-06-26 15:46	2007-01-24	Show	GitHub Exploit DB Packet Storm

251526	6.8	警告	enthusiast	-	Enthusiast におけるクロスサイトスクリプティングの脆弱性	-	CVE-2007-0483	2012-06-26 15:46	2007-01-24	Show	GitHub Exploit DB Packet Storm

251527	4.3	警告	アップル	-	Safari で使用される WebCore におけるクロスサイトスクリプティング攻撃を誘発される脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-0478	2012-06-26 15:46	2007-01-25	Show	GitHub Exploit DB Packet Storm

251528	4.6	警告	Gentoo Linux	-	Gentoo Linux の gencert.sh スクリプトにおける任意のファイルを上書きされる脆弱性	-	CVE-2007-0476	2012-06-26 15:46	2007-01-23	Show	GitHub Exploit DB Packet Storm

251529	5	警告	アップル	-	Apple Software Update におけるフォーマットストリングの脆弱性	-	CVE-2007-0463	2012-06-26 15:46	2007-01-29	Show	GitHub Exploit DB Packet Storm

251530	10	危険	アップル	-	Mac OS X の Quicktime などの _GetSrcBits32ARGB 関数におけるサービス運用妨害 (DoS) の脆弱性	-	CVE-2007-0462	2012-06-26 15:46	2007-01-25	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 30, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1541	8.8	HIGH Network	-	-	Warp is an agentic development environment. From 0.2023.03.21.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp contains a command injection issue in the legacy SSH background command path. Wa…	CWE-78 OS Command	CVE-2026-48732	2026-06-25 23:29	2026-06-25	Show	GitHub Exploit DB Packet Storm

1542	7.7	HIGH Local	-	-	Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. …	CWE-78 CWE-116 OS Command Improper Encoding or Escaping of Output	CVE-2026-54699	2026-06-25 23:29	2026-06-25	Show	GitHub Exploit DB Packet Storm

1543	6.5	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI added collection-level ACL checks, but the patch can still be bypassed wh…	CWE-862 CWE-943 Missing Authorization Improper Neutralization of Special Elements in Data Query Logic	CVE-2026-54019	2026-06-25 23:27	2026-06-24	Show	GitHub Exploit DB Packet Storm

1544	8.1	HIGH Network	-	-	picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code th…	CWE-502 Deserialization of Untrusted Data	CVE-2025-71354	2026-06-25 23:25	2026-06-24	Show	GitHub Exploit DB Packet Storm

1545	8.1	HIGH Network	-	-	picklescan before 0.0.29 fails to detect malicious idlelib.calltip.Calltip.fetch_tip calls in pickle files, allowing remote code execution. Attackers can embed undetected payloads in pickle files tha…	CWE-95 Eval Injection	CVE-2025-71361	2026-06-25 23:25	2026-06-24	Show	GitHub Exploit DB Packet Storm

1546	-		-	-	SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, Lute's HTML sanitizer does not remove <iframe> elements. Combined with the SiYuan Electron client's permissive security …	CWE-79 Cross-site Scripting	CVE-2026-54759	2026-06-25 23:22	2026-06-25	Show	GitHub Exploit DB Packet Storm

1547	7.5	HIGH Network	-	-	SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the patch for CVE-2026-41894 ("Path Traversal via Double URL Encoding") sanitized the /export/ route but the identical r…	CWE-22 CWE-23 CWE-1188 Path Traversal Relative Path Traversal Insecure Default Initialization of Resource	CVE-2026-54066	2026-06-25 23:22	2026-06-25	Show	GitHub Exploit DB Packet Storm

1548	6.1	MEDIUM Network	-	-	NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, a reflected XSS vulnerability exists in the Page Leaving Warning page. The ncRedirectUrl and ncBackUrl query parameters …	CWE-79 Cross-site Scripting	CVE-2026-46547	2026-06-25 23:21	2026-06-24	Show	GitHub Exploit DB Packet Storm

1549	4.3	MEDIUM Network	-	-	NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the request-filtering-agent SSRF protection was non-functional in the four notification webhook plugins (Slack, Discord,…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-46548	2026-06-25 23:21	2026-06-24	Show	GitHub Exploit DB Packet Storm

1550	2.0	LOW Network	-	-	NocoDB is software for building databases as spreadsheets. Prior to 2026.04.1, the OAuth token strategy attached oauth_scope and oauth_granted_resources to the request user, but the ACL middleware ne…	CWE-863 Incorrect Authorization	CVE-2026-46549	2026-06-25 23:21	2026-06-24	Show	GitHub Exploit DB Packet Storm