Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 27, 2026, 10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
251	8.8	重要 Network	Google	Google Chrome	GoogleのGoogle Chromeにおける権限管理に関する脆弱性 New	CWE-269 不適切な権限管理	CVE-2026-12018	2026-06-26 11:48	2026-06-11	Show	GitHub Exploit DB Packet Storm

252	5.5	警告 Local	東芝	Generic IO & Memory Access ドライバー	東芝製およびDynabook製PC搭載Generic IO & Memory Access ドライバーのIOCTLインタフェースに対するアクセス制御が不十分 New	CWE-782 不十分なアクセス制御による IOCTL の公開	CVE-2026-56129	2026-06-26 09:44	2026-06-25	Show	GitHub Exploit DB Packet Storm

253	6.7	警告 Local	ソニー株式会社	Optical Disc Archive Software	Optical Disc Archive Software（Windows版）のインストーラにおけるインストール時の不適切なファイルアクセス権設定の脆弱性 Update	CWE-Other その他	CVE-2026-50255	2026-06-25 16:27	2026-06-16	Show	GitHub Exploit DB Packet Storm

254	-	-	（複数のベンダ）	（複数の製品）	CISA ICS Advisory / ICS Medical Advisory（2026年06月23日） New	-	-	2026-06-25 10:59	2026-06-24	Show	GitHub Exploit DB Packet Storm

255	-	-	日立	Hitachi Ops Center Analyzer viewpoint Hitachi Infrastructure Analytics Advisor Hitachi Ops Center Viewpoint Hitachi Ops Center&nbs…	Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center Analyzer, Hitachi Ops Center Analyzer viewpointおよびHitachi Ops Center Viewpointにおける複数の脆弱性 New	-	CVE-2023-35116 CVE-2025-24970 CVE-2025-25193 CVE-2025-48924 CVE-2025-55163 CVE-2025-58056 CVE-2025-58057	2026-06-25 09:25	2026-06-23	Show	GitHub Exploit DB Packet Storm

256	-	-	横河電機株式会社	統合情報サーバ（CIサーバ） FAST/TOOLS	横河電機製FAST/TOOLSおよびCI Serverにおける重要情報の平文送信の脆弱性	CWE-319 重要な情報の平文での送信	CVE-2026-11833	2026-06-24 14:38	2026-06-23	Show	GitHub Exploit DB Packet Storm

257	-	-	（複数のベンダ）	（複数の製品）	Microsoft Windows Recovery EnvironmentにおけるUEFI/BIOSパスワード制限回避の脆弱性	-	-	2026-06-24 14:38	2026-06-23	Show	GitHub Exploit DB Packet Storm

258	-	-	（複数のベンダ）	（複数の製品）	FastStone Image Viewerにおけるファイル解析に関する複数の脆弱性	-	-	2026-06-24 14:38	2026-06-23	Show	GitHub Exploit DB Packet Storm

259	9.8	緊急 Network	InHand Networks	IR915L-FQ39-S Firmware IR912L-FQ58 Firmware	InHand NetworksのIR912L-FQ58 Firmware等の複数製品におけるコマンドインジェクションの脆弱性	CWE-77 コマンドインジェクション	CVE-2026-38714	2026-06-24 10:00	2026-06-18	Show	GitHub Exploit DB Packet Storm

260	9.8	緊急 Network	InHand Networks	IR915L-FQ39-S Firmware IR912L-FQ58 Firmware	InHand NetworksのIR912L-FQ58 Firmware等の複数製品におけるコマンドインジェクションの脆弱性	CWE-77 コマンドインジェクション	CVE-2026-38715	2026-06-24 10:00	2026-06-18	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 27, 2026, 4:35 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
191591	8.8	HIGH Network	tarteaucitron.js_-_cookies_legislation_\&_gdpr_project	tarteaucitron.js_-_cookies_legislation_\&_gdpr	Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) discovered in tarteaucitron.js – Cookies legislation & GDPR WordPress plugin (versions <= 1.5.4), vulnerable para…	CWE-352 Origin Validation Error	CVE-2021-36887	2024-11-21 15:14	2021-12-21	Show	GitHub Exploit DB Packet Storm

191592	8.1	HIGH Adjacent	linuxfoundation	longhorn	A Missing Authentication for Critical Function vulnerability in longhorn of SUSE Longhorn allows attackers to connect to a longhorn-engine replica instance granting it the ability to read and write d…	-	CVE-2021-36780	2024-11-21 15:14	2021-12-17	Show	GitHub Exploit DB Packet Storm

191593	9.6	CRITICAL Adjacent	linuxfoundation	longhorn	A Missing Authentication for Critical Function vulnerability in SUSE Longhorn allows any workload in the cluster to execute any binary present in the image on the host without authentication. This is…	-	CVE-2021-36779	2024-11-21 15:14	2021-12-17	Show	GitHub Exploit DB Packet Storm

191594	7.5	HIGH Network	jflyfox	jfinal_cms	JFinal_cms 5.1.0 is vulnerable to regex injection that may lead to Denial of Service.	CWE-74 Injection	CVE-2021-37262	2024-11-21 15:14	2021-12-17	Show	GitHub Exploit DB Packet Storm

191595	9.8	CRITICAL Network	blocksera	image_hover_effects	Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise discovered in Image Hover Effects Ultimate (versions <= 9.6.1) WordPress plugin.	CWE-306 Missing Authentication for Critical Function	CVE-2021-36888	2024-11-21 15:14	2021-12-16	Show	GitHub Exploit DB Packet Storm

191596	5.4	MEDIUM Network	comment_engine_pro_project	comment_engine_pro	Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role.	CWE-79 Cross-site Scripting	CVE-2021-36911	2024-11-21 15:14	2021-12-11	Show	GitHub Exploit DB Packet Storm

191597	7.5	HIGH Network	digi	transport_wr11_firmware transport_wr11_xt_firmware transport_wr21_firmware transport_wr31_firmware transport_wr41_firmware transport_wr44_firmware	An issue was discovered on Digi TransPort Gateway devices through 5.2.13.4. They do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send thos…	CWE-311 Missing Encryption of Sensitive Data	CVE-2021-37189	2024-11-21 15:14	2021-12-10	Show	GitHub Exploit DB Packet Storm

191598	8.8	HIGH Network	digi	transport_dr64_firmware transport_vc74_firmware transport_wr11_firmware transport_wr11_xt_firmware transport_wr21_firmware transport_wr31_firmware transport_wr41_firmware transpo…	An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may load customized firmware (because the bootloader does not verify that it is authentic), changing th…	CWE-345 Insufficient Verification of Data Authenticity	CVE-2021-37188	2024-11-21 15:14	2021-12-10	Show	GitHub Exploit DB Packet Storm

191599	6.5	MEDIUM Network	digi	transport_dr64_firmware transport_vc74_firmware transport_wr11_firmware transport_wr11_xt_firmware transport_wr21_firmware transport_wr31_firmware transport_wr41_firmware transpo…	An issue was discovered on Digi TransPort devices through 2021-07-21. An authenticated attacker may read a password file (with reversible passwords) from the device, which allows decoding of other us…	CWE-522 Insufficiently Protected Credentials	CVE-2021-37187	2024-11-21 15:14	2021-12-10	Show	GitHub Exploit DB Packet Storm

191600	7.5	HIGH Network	huawei	harmonyos emui magic_ui	There is a Code Injection vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to system restart.	CWE-94 Code Injection	CVE-2021-37097	2024-11-21 15:14	2021-12-9	Show	GitHub Exploit DB Packet Storm