Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
21 8.8 重要
Network 		Stichting NLnet Labs NSD NLnet LabsのNSDにおける複数の脆弱性 New CWE-122
CWE-190
CVE-2026-12244 2026-06-29 11:25 2026-06-25 Show GitHub Exploit DB Packet Storm
22 7.5 重要
Network 		Stichting NLnet Labs NSD NLnet LabsのNSDにおける解放済みメモリの使用に関する脆弱性 New CWE-416
解放済みメモリの使用 		CVE-2026-12245 2026-06-29 11:25 2026-06-25 Show GitHub Exploit DB Packet Storm
23 8.1 重要
Network 		Stichting NLnet Labs NSD NLnet LabsのNSDにおける複数の脆弱性 New CWE-120
CWE-20
CVE-2026-12246 2026-06-29 11:25 2026-06-25 Show GitHub Exploit DB Packet Storm
24 6.1 警告
Network 		PowerSchool Inc. Employee Access Center PowerSchool Inc.のEmployee Access Centerにおけるクロスサイトスクリプティングの脆弱性 New CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-12425 2026-06-29 11:25 2026-06-16 Show GitHub Exploit DB Packet Storm
25 7.5 重要
Network 		Stichting NLnet Labs NSD NLnet LabsのNSDにおける複数の脆弱性 New CWE-284
CWE-306
CVE-2026-12490 2026-06-29 11:25 2026-06-25 Show GitHub Exploit DB Packet Storm
26 7.1 重要
Local 		シーメンス SIMATIC WinCC Unified PC Runtime シーメンスのSIMATIC WinCC Unified PC Runtimeにおけるファイル内またはディスク上の平文保存に関する脆弱性 New CWE-313
ファイル内またはディスク上の平文保存 		CVE-2026-24349 2026-06-29 11:25 2026-06-9 Show GitHub Exploit DB Packet Storm
27 8.2 重要
Network 		Docling Docling Doclingにおける複数の脆弱性 New CWE-918
CWE-94
CVE-2026-44016 2026-06-29 11:25 2026-06-24 Show GitHub Exploit DB Packet Storm
28 7.5 重要
Network 		Docling Docling Doclingにおけるパストラバーサルの脆弱性 New CWE-22
パス・トラバーサル 		CVE-2026-44017 2026-06-29 11:25 2026-06-24 Show GitHub Exploit DB Packet Storm
29 7.5 重要
Network 		Docling Docling DoclingにおけるDTD の再帰的なエンティティ参照の不適切な制限に関する脆弱性 New CWE-776
DTD の再帰的なエンティティ参照の不適切な制限 		CVE-2026-44020 2026-06-29 11:25 2026-06-24 Show GitHub Exploit DB Packet Storm
30 5.5 警告
Local 		Docling Docling Doclingにおけるパストラバーサルの脆弱性 New CWE-22
パス・トラバーサル 		CVE-2026-44022 2026-06-29 11:25 2026-06-24 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
254241 7.5 HIGH
Network 		lms lms lms version <= LMS_011123 contains a Local File Disclosure vulnerability in File reading functionality in LMS module that can result in Possible to read files on the server. This attack appear to be … CWE-200
Information Exposure 		CVE-2018-1000535 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254242 6.1 MEDIUM
Network 		joplin_project joplin Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Not… CWE-79
Cross-site Scripting 		CVE-2018-1000534 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254243 9.8 CRITICAL
Network 		gitlist gitlist klaussilveira GitList version <= 0.6 contains a Passing incorrectly sanitized input to system function vulnerability in `searchTree` function that can result in Execute any code as PHP user. This att… CWE-20
 Improper Input Validation  		CVE-2018-1000533 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254244 4.7 MEDIUM
Local 		beep_project beep beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by oth… CWE-22
Path Traversal 		CVE-2018-1000532 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254245 7.5 HIGH
Network 		inversoft prime-jwt inversoft prime-jwt version prior to commit abb0d479389a2509f939452a6767dc424bb5e6ba contains a CWE-20 vulnerability in JWTDecoder.decode that can result in an incorrect signature validation of a JWT… CWE-20
 Improper Input Validation  		CVE-2018-1000531 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254246 6.1 MEDIUM
Network 		grails grails_fields Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS . This vulnerability appears to have been fixed in 2.2.8. CWE-79
Cross-site Scripting 		CVE-2018-1000529 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254247 6.1 MEDIUM
Network 		debian
gonicus 		debian_linux
gosa 		GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in in… CWE-79
Cross-site Scripting 		CVE-2018-1000528 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254248 7.2 HIGH
Network 		froxlor froxlor Froxlor version <= 0.9.39.5 contains a PHP Object Injection vulnerability in Domain name form that can result in Possible information disclosure and remote code execution. This attack appear to be ex… CWE-502
 Deserialization of Untrusted Data 		CVE-2018-1000527 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254249 7.5 HIGH
Network 		openpsa2 openpsa Openpsa contains a XML Injection vulnerability in RSS file upload feature that can result in Remote denial of service. This attack appear to be exploitable via Specially crafted XML file. This vulner… CWE-91
Blind XPath Injection 		CVE-2018-1000526 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm
254250 9.8 CRITICAL
Network 		openpsa2 openpsa openpsa contains a PHP Object Injection vulnerability in Form data passed as GET request variables that can result in Possible information disclosure and remote code execution. This attack appear to … CWE-502
 Deserialization of Untrusted Data 		CVE-2018-1000525 2024-11-21 12:40 2018-06-27 Show GitHub Exploit DB Packet Storm