Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 15, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
3491 8.7 重要
Network 		Daniel Garcia Vaultwarden Daniel GarciaのVaultwardenにおける認可に関する脆弱性 CWE-285
不適切な認可 		CVE-2026-43912 2026-05-18 11:25 2026-05-11 Show GitHub Exploit DB Packet Storm
3492 9.1 緊急
Network 		OPNsense project OPNsense OPNsenseにおける引数の挿入または変更に関する脆弱性 CWE-88
引数の挿入または変更 		CVE-2026-44193 2026-05-18 11:25 2026-05-13 Show GitHub Exploit DB Packet Storm
3493 9.1 緊急
Network 		OPNsense project OPNsense OPNsenseにおけるOS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2026-44194 2026-05-18 11:25 2026-05-13 Show GitHub Exploit DB Packet Storm
3494 6.5 警告
Network 		OPNsense project OPNsense OPNsenseにおける過度な認証試行の不適切な制限に関する脆弱性 CWE-307
過度な認証試行の不適切な制限 		CVE-2026-44195 2026-05-18 11:25 2026-05-13 Show GitHub Exploit DB Packet Storm
3495 9.8 緊急
Network 		フォーティネット FortiAuthenticator フォーティネットのFortiAuthenticatorにおけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2026-44277 2026-05-18 11:25 2026-05-12 Show GitHub Exploit DB Packet Storm
3496 5.5 警告
Local 		フォーティネット FortiClient フォーティネットのFortiClientにおけるハードコードされた暗号鍵の使用に関する脆弱性 CWE-321
ハードコードされた暗号鍵の使用 		CVE-2026-44278 2026-05-18 11:25 2026-05-12 Show GitHub Exploit DB Packet Storm
3497 5.5 警告
Local 		フォーティネット FortiToken Mobile フォーティネットのFortiToken MobileにおけるAndroid アプリケーションコンポーネントの不適切なエクスポートの脆弱性 CWE-926
Android アプリケーションコンポーネントの不適切なエクスポート 		CVE-2026-44279 2026-05-18 11:25 2026-05-12 Show GitHub Exploit DB Packet Storm
3498 4.3 警告
Network 		etcd etcd etcd-ioのetcdにおける不正な認証に関する脆弱性 CWE-863
不正な認証 		CVE-2026-44283 2026-05-18 11:25 2026-05-14 Show GitHub Exploit DB Packet Storm
3499 5.3 警告
Network 		MISP MISP MISPにおける入力確認に関する脆弱性 CWE-20
CWE-noinfo
CVE-2026-44379 2026-05-18 11:25 2026-05-13 Show GitHub Exploit DB Packet Storm
3500 7.2 重要
Network 		MISP MISP MISPにおける不正な認証に関する脆弱性 CWE-863
不正な認証 		CVE-2026-44380 2026-05-18 11:25 2026-05-13 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 16, 2026, 4:13 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2451 - - - A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network a… CWE-22
CWE-798
Path Traversal
 Use of Hard-coded Credentials 		CVE-2026-11414 2026-06-6 05:49 2026-06-6 Show GitHub Exploit DB Packet Storm
2452 - - - A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authen… CWE-22
CWE-434
Path Traversal
 Unrestricted Upload of File with Dangerous Type  		CVE-2026-11419 2026-06-6 05:49 2026-06-6 Show GitHub Exploit DB Packet Storm
2453 - - - Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on… CWE-22
CWE-306
Path Traversal
Missing Authentication for Critical Function 		CVE-2026-11420 2026-06-6 05:49 2026-06-6 Show GitHub Exploit DB Packet Storm
2454 8.0 HIGH
Network 		- - An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges t… CWE-426
 Untrusted Search Path 		CVE-2026-11400 2026-06-6 05:49 2026-06-6 Show GitHub Exploit DB Packet Storm
2455 8.0 HIGH
Network 		- - An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to … CWE-426
 Untrusted Search Path 		CVE-2026-11401 2026-06-6 05:49 2026-06-6 Show GitHub Exploit DB Packet Storm
2456 - - - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcms_refresh_token cookie is set without the Secure flag. This allow… CWE-614
 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute 		CVE-2026-46398 2026-06-6 05:48 2026-06-6 Show GitHub Exploit DB Packet Storm
2457 7.5 HIGH
Network 		- - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `uniqid` for generating salts, which is unsuitable. Version 26.0.1 fixes the issue. CWE-338
 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 		CVE-2026-46493 2026-06-6 05:48 2026-06-6 Show GitHub Exploit DB Packet Storm
2458 7.1 HIGH
Adjacent 		securly securly Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension … CWE-319
Cleartext Transmission of Sensitive Information 		CVE-2026-8874 2026-06-6 05:47 2026-06-4 Show GitHub Exploit DB Packet Storm
2459 7.5 HIGH
Network 		securly securly Version 3.0.7 of the Securly Chrome Extension uses EVP_BytesToKey key derivation with MD5 and a single iteration for AES encryption. MD5 has been broken since 2004 and a single iteration provides no … NVD-CWE-noinfo
CVE-2026-8881 2026-06-6 05:46 2026-06-4 Show GitHub Exploit DB Packet Storm
2460 7.5 HIGH
Network 		securly securly Version 3.0.7 of the Securly Chrome Extension downloads config.json over HTTP and compiles server-provided patterns as JavaScript regular expressions via new RegExp() without complexity validation. A… CWE-917
CWE-1333
 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
 Inefficient Regular Expression Complexity 		CVE-2026-8888 2026-06-6 05:46 2026-06-4 Show GitHub Exploit DB Packet Storm