Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 18, 2026, 12:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3131	7.5	重要 Network	Apache Software Foundation	Apache OFBiz	Apache Software FoundationのApache OFBizにおける情報漏えいに関する脆弱性	CWE-200 情報漏えい	CVE-2026-31909	2026-05-21 10:53	2026-05-19	Show	GitHub Exploit DB Packet Storm

3132	7.5	重要 Network	Apache Software Foundation	Apache OFBiz	Apache Software FoundationのApache OFBizにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-31910	2026-05-21 10:53	2026-05-19	Show	GitHub Exploit DB Packet Storm

3133	9.1	緊急 Network	Apache Software Foundation	Apache OFBiz	Apache Software FoundationのApache OFBizにおけるハードコードされた暗号鍵の使用に関する脆弱性	CWE-321 ハードコードされた暗号鍵の使用	CVE-2026-31986	2026-05-21 10:53	2026-05-19	Show	GitHub Exploit DB Packet Storm

3134	4.8	警告 Network	Mattermost, Inc.	Mattermost Server	Mattermost, Inc.のMattermost Serverにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-3495	2026-05-21 10:53	2026-05-18	Show	GitHub Exploit DB Packet Storm

3135	6.5	警告 Network	Apache Software Foundation	Apache OFBiz	Apache Software FoundationのApache OFBizにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2026-35086	2026-05-21 10:52	2026-05-19	Show	GitHub Exploit DB Packet Storm

3136	8.8	重要 Local	マイクロソフト	Microsoft 365 Apps Microsoft Office Office Long Term Servicing Channel (LTSC)	Microsoft Office クイック実行の特権の昇格の脆弱性	CWE-1220 アクセス制御の不十分な粒度	CVE-2026-35436	2026-05-21 10:52	2026-05-12	Show	GitHub Exploit DB Packet Storm

3137	5.5	警告 Local	マイクロソフト	Microsoft 365 Apps Microsoft Office Microsoft Word Office Long Term Servicing Channel (LTSC)	Microsoft Word の情報漏えいの脆弱性	CWE-552 外部からアクセス可能なファイルまたはディレクトリ	CVE-2026-35440	2026-05-21 10:52	2026-05-12	Show	GitHub Exploit DB Packet Storm

3138	4.3	警告 Network	Mattermost, Inc.	Mattermost Server	Mattermost, Inc.のMattermost Serverにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2026-3637	2026-05-21 10:52	2026-05-18	Show	GitHub Exploit DB Packet Storm

3139	9.8	緊急 Network	H2O.ai	H2O	H2O.aiのH2Oにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2026-3960	2026-05-21 10:52	2026-04-23	Show	GitHub Exploit DB Packet Storm

3140	8.4	重要 Local	マイクロソフト	Microsoft 365 Apps Microsoft Office Office Long Term Servicing Channel (LTSC)	Microsoft Office のリモートコードが実行される脆弱性	CWE-416 解放済みメモリの使用	CVE-2026-40358	2026-05-21 10:52	2026-05-12	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 18, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
311771	5.5	MEDIUM Local	linux canonical opensuse suse avaya vmware	linux_kernel ubuntu_linux opensuse suse_linux_enterprise_server suse_linux_enterprise_desktop aura_system_manager aura_communication_manager voice_portal aura_system_platform<…	The actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc2 does not properly initialize certain structure members when performing dump operations, which al…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2010-2942	2024-11-21 10:17	2010-09-22	Show	GitHub Exploit DB Packet Storm

311772	-		squid-cache	squid	The string-comparison functions in String.cci in Squid 3.x before 3.1.8 and 3.2.x before 3.2.0.2 allow remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a …	NVD-CWE-Other	CVE-2010-3072	2024-11-21 10:17	2010-09-21	Show	GitHub Exploit DB Packet Storm

311773	-		hp	system_management_homepage	Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this issue wa…	CWE-79 Cross-site Scripting	CVE-2010-3012	2024-11-21 10:17	2010-09-18	Show	GitHub Exploit DB Packet Storm

311774	-		arg0	encfs	EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher mode with the same initialization vector, which makes it easier for local users to obtain sensitive information via calculations…	CWE-310 Cryptographic Issues	CVE-2010-3075	2024-11-21 10:17	2010-09-18	Show	GitHub Exploit DB Packet Storm

311775	-		arg0	encfs	SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of an AES cipher and a CBC cipher mode for encrypted filesystems, which allows local users to obtain sensitive information via a wate…	CWE-310 Cryptographic Issues	CVE-2010-3074	2024-11-21 10:17	2010-09-18	Show	GitHub Exploit DB Packet Storm

311776	-		arg0	encfs	SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer data sizes when constructing headers intended for randomization of initialization vectors, which makes it easier for local users …	CWE-310 Cryptographic Issues	CVE-2010-3073	2024-11-21 10:17	2010-09-18	Show	GitHub Exploit DB Packet Storm

311777	-		hp	system_management_homepage	CRLF injection vulnerability in HP System Management Homepage (SMH) before 6.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vec…	CWE-20 Improper Input Validation	CVE-2010-3011	2024-11-21 10:17	2010-09-18	Show	GitHub Exploit DB Packet Storm

311778	-		hp	3com_officeconnect_gigabit_vpn_firewall_software 3crevf100-73	Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect Gigabit VPN Firewall 3CREVF100-73 with firmware before 1.0.13 allows remote attackers to inject arbitrary web script or HTML via …	CWE-79 Cross-site Scripting	CVE-2010-3010	2024-11-21 10:17	2010-09-16	Show	GitHub Exploit DB Packet Storm

311779	-		microsoft	windows_server_2008 windows_xp windows_vista windows_server_2003 office	The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Offic…	CWE-20 Improper Input Validation	CVE-2010-2738	2024-11-21 10:17	2010-09-16	Show	GitHub Exploit DB Packet Storm

311780	-		-	-	Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended acce…	CWE-287 Improper Authentication	CVE-2010-2731	2024-11-21 10:17	2010-09-16	Show	GitHub Exploit DB Packet Storm