Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 9, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
3601 5.3 警告
Network 		HCL Technologies Limited DFX Analytics HCL Technologies LimitedのDFX Analyticsにおけるエラーメッセージによる情報漏えいに関する脆弱性 CWE-209
エラーメッセージによる情報漏えい 		CVE-2025-59853 2026-05-11 11:03 2026-05-6 Show GitHub Exploit DB Packet Storm
3602 6.1 警告
Network 		HCL Technologies Limited DFX Analytics HCL Technologies LimitedのDFX Analyticsにおける複数の脆弱性 CWE-79
CWE-80
CVE-2025-59854 2026-05-11 11:03 2026-05-6 Show GitHub Exploit DB Packet Storm
3603 9.4 緊急
Network 		Deutsche Telekom AG Telekom Account Management Portal Deutsche Telekom AGのTelekom Account Management Portalにおけるパスワード管理機能に関する脆弱性 CWE-640
パスワードを忘れた場合の脆弱なパスワードリカバリの仕組み 		CVE-2025-69614 2026-05-11 11:03 2026-03-10 Show GitHub Exploit DB Packet Storm
3604 9.1 緊急
Network 		Deutsche Telekom AG Telekom Account Management Portal Deutsche Telekom AGのTelekom Account Management Portalにおける過度な認証試行の不適切な制限に関する脆弱性 CWE-307
過度な認証試行の不適切な制限 		CVE-2025-69615 2026-05-11 11:03 2026-03-10 Show GitHub Exploit DB Packet Storm
3605 6.1 警告
Network 		generatedata generatedata generatedataにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2025-70025 2026-05-11 11:02 2026-03-10 Show GitHub Exploit DB Packet Storm
3606 7.5 重要
Network 		pdfmake project pdfmake pdfmakeにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2026-26801 2026-05-11 11:02 2026-03-10 Show GitHub Exploit DB Packet Storm
3607 7.8 重要
Local 		Luis Novo (lfnovo) Open Notebook Luis Novo (lfnovo)のOpen Notebookにおける複数の脆弱性 CWE-20
CWE-352
CWE-917
CWE-noinfo
CVE-2026-28201 2026-05-11 11:02 2026-05-7 Show GitHub Exploit DB Packet Storm
3608 9.8 緊急
Network 		Xiaomi MIUI File Explorer XiaomiのMIUI File Explorerにおける複数の脆弱性 CWE-303
CWE-862
CVE-2026-29515 2026-05-11 11:02 2026-03-11 Show GitHub Exploit DB Packet Storm
3609 6.1 警告
Network 		WorkflowFirst Software LLC Staff.Wiki WorkflowFirst Software LLCのStaff.Wikiにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-29969 2026-05-11 11:02 2026-03-26 Show GitHub Exploit DB Packet Storm
3610 5.4 警告
Network 		spomky-labs webauthn-lib
webauthn-symfony-bundle
webauthn framwork 		spomky-labsのwebauthn-lib等の複数製品における同一生成元ポリシー違反に関する脆弱性 CWE-346
同一生成元ポリシー違反 		CVE-2026-30964 2026-05-11 11:02 2026-03-10 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 9, 2026, 4:16 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
841 6.5 MEDIUM
Network 		- - Inappropriate implementation in Cronet in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: … CWE-451
 User Interface (UI) Misrepresentation of Critical Information 		CVE-2026-11215 2026-06-6 00:16 2026-06-5 Show GitHub Exploit DB Packet Storm
842 6.5 MEDIUM
Network 		- - Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity:… CWE-346
CWE-352
 Origin Validation Error
 Origin Validation Error 		CVE-2026-11214 2026-06-6 00:16 2026-06-5 Show GitHub Exploit DB Packet Storm
843 9.6 CRITICAL
Network 		- - Insufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox … CWE-20
 Improper Input Validation  		CVE-2026-11213 2026-06-6 00:16 2026-06-5 Show GitHub Exploit DB Packet Storm
844 5.5 MEDIUM
Local 		ni ni-pal Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability aff… CWE-476
 NULL Pointer Dereference 		CVE-2026-8035 2026-06-6 00:11 2026-06-3 Show GitHub Exploit DB Packet Storm
845 7.8 HIGH
Local 		ni ni-pal Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and p… CWE-1285
 Improper Validation of Specified Index, Position, or Offset in Input 		CVE-2026-8036 2026-06-6 00:10 2026-06-3 Show GitHub Exploit DB Packet Storm
846 - - - Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may assign to FTP users. However… CWE-863
 Incorrect Authorization 		CVE-2026-41235 2026-06-6 00:09 2026-06-5 Show GitHub Exploit DB Packet Storm
847 - - - Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowing embedded newlines to pass), TLSA `matchingType=0`… CWE-74
Injection 		CVE-2026-41237 2026-06-6 00:09 2026-06-5 Show GitHub Exploit DB Packet Storm
848 7.6 HIGH
Network 		- - Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content. An authenticated customer… CWE-74
Injection 		CVE-2026-41234 2026-06-6 00:09 2026-06-5 Show GitHub Exploit DB Packet Storm
849 7.8 HIGH
Local 		- - A vulnerability in the CLI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to… CWE-116
 Improper Encoding or Escaping of Output 		CVE-2026-20245 2026-06-6 00:03 2026-06-5 Show GitHub Exploit DB Packet Storm
850 8.8 HIGH
Network 		- - Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… CWE-20
CWE-94
CWE-119
 Improper Input Validation 
Code Injection
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2026-10904 2026-06-6 00:02 2026-06-5 Show GitHub Exploit DB Packet Storm