Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 29, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
5101	7.5	重要 Network	マイクロソフト	Microsoft Windows 11 25h2 Microsoft Windows Server 2016 Microsoft Windows 10 1809 Microsoft Windows 11 23h2 Microsoft Wind…	インターネットキー交換 (IKE) プロトコルのサービス拒否の脆弱性	CWE-401 有効期限後のメモリの解放の欠如	CVE-2026-35424	2026-05-18 12:15	2026-05-12	Show	GitHub Exploit DB Packet Storm

5102	5.4	警告 Network	Frappe	Frappe	Frappeにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-3837	2026-05-18 12:15	2026-04-22	Show	GitHub Exploit DB Packet Storm

5103	7.8	重要 Local	マイクロソフト	Microsoft Windows 11 25h2 Microsoft Windows 11 24h2 Microsoft Windows 11 26h1 Microsoft Windows Server 2025	Windows カーネルの特権の昇格の脆弱性	CWE-822 信頼性のないポインタデリファレンス	CVE-2026-40369	2026-05-18 12:15	2026-05-12	Show	GitHub Exploit DB Packet Storm

5104	7.8	重要 Local	マイクロソフト	Microsoft Windows 11 25h2 Microsoft Windows Server 2016 Microsoft Windows 10 1809 Microsoft Windows 11 23h2 Microsoft Wind…	Microsoft Cryptographic Services の特権の昇格の脆弱性	CWE-122 ヒープオーバーフロー	CVE-2026-40377	2026-05-18 12:15	2026-05-12	Show	GitHub Exploit DB Packet Storm

5105	6.2	警告 Physics	マイクロソフト	Microsoft Windows 11 25h2 Microsoft Windows Server 2016 Microsoft Windows 10 1809 Microsoft Windows 11 23h2 Microsoft Wind…	Windows ボリュームマネージャー拡張ドライバーのリモートでコードが実行される脆弱性	CWE-122 CWE-125 CWE-197	CVE-2026-40380	2026-05-18 12:15	2026-05-12	Show	GitHub Exploit DB Packet Storm

5106	7.5	重要 Network	PHPOffice	PhpSpreadsheet	PHPOfficeのPhpSpreadsheetにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-40902	2026-05-18 12:15	2026-05-12	Show	GitHub Exploit DB Packet Storm

5107	6.8	警告 Adjacent	VMware	Spring Boot	VMwareのSpring Bootにおける証明書検証に関する脆弱性	CWE-295 不正な証明書検証	CVE-2026-40970	2026-05-18 12:15	2026-04-27	Show	GitHub Exploit DB Packet Storm

5108	9.1	緊急 Network	VMware	Spring Boot	VMwareのSpring Bootにおける証明書検証に関する脆弱性	CWE-295 不正な証明書検証	CVE-2026-40971	2026-05-18 12:15	2026-04-27	Show	GitHub Exploit DB Packet Storm

5109	9.8	緊急 Network	VMware	Spring Boot	VMwareのSpring Bootにおける証明書検証に関する脆弱性	CWE-295 不正な証明書検証	CVE-2026-40974	2026-05-18 12:15	2026-04-28	Show	GitHub Exploit DB Packet Storm

5110	7.2	重要 Network	SonicWALL	SMA7200 ファームウェア SMA7210 ファームウェア SMA8200v SMA6200 ファームウェア SMA6210 ファームウェア	SonicWALLのSMA6200 ファームウェア等の複数製品におけるSQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2026-4112	2026-05-18 12:15	2026-04-9	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1791	6.4	MEDIUM Network	mattermost	mattermost_server	Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to…	CWE-306 Missing Authentication for Critical Function	CVE-2026-6673	2026-06-24 05:49	2026-06-22	Show	GitHub Exploit DB Packet Storm

1792	3.8	LOW Network	mattermost	mattermost_server	Mattermost versions 11.7.x <= 11.7.0, 10.11.x <= 10.11.17 fail to enforce bot-specific permission checks on the user active status endpoint, which allows a User Manager with user management write acc…	CWE-863 Incorrect Authorization	CVE-2026-8074	2026-06-24 05:48	2026-06-22	Show	GitHub Exploit DB Packet Storm

1793	4.3	MEDIUM Network	mattermost	mattermost_server	Mattermost versions 11.7.x <= 11.7.0, 11.6.x <= 11.6.2, 11.5.x <= 11.5.5, 10.11.x <= 10.11.17 fail to invalidate cached authentication state for active WebSocket connections during global session rev…	CWE-613 Insufficient Session Expiration	CVE-2026-9162	2026-06-24 05:47	2026-06-22	Show	GitHub Exploit DB Packet Storm

1794	7.5	HIGH Network	ibm	websphere_application_server	IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted req…	CWE-400 Uncontrolled Resource Consumption	CVE-2026-9320	2026-06-24 05:46	2026-06-23	Show	GitHub Exploit DB Packet Storm

1795	7.5	HIGH Network	ibm	websphere_application_server	IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted req…	CWE-400 Uncontrolled Resource Consumption	CVE-2026-9071	2026-06-24 05:46	2026-06-23	Show	GitHub Exploit DB Packet Storm

1796	7.3	HIGH Network	ibm	websphere_application_server	IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to bypass authentication and gain unauthorized access to JAX-WS applications.	CWE-287 Improper Authentication	CVE-2026-10845	2026-06-24 05:36	2026-06-23	Show	GitHub Exploit DB Packet Storm

1797	7.7	HIGH Network	-	-	Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, Daytona's organization role update and delete endpoints authorized the ca…	CWE-639 CWE-862 Authorization Bypass Through User-Controlled Key Missing Authorization	CVE-2026-54322	2026-06-24 05:16	2026-06-24	Show	GitHub Exploit DB Packet Storm

1798	7.5	HIGH Network	-	-	Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.8, the Docker API server's SSRF protection (validate_webhook_url / validate_url_destination in deploy/docker/utils.py) used…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-53754	2026-06-24 05:16	2026-06-24	Show	GitHub Exploit DB Packet Storm

1799	9.8	CRITICAL Network	-	-	Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes st…	CWE-94 CWE-913 Code Injection Improper Control of Dynamically-Managed Code Resources	CVE-2026-53753	2026-06-24 05:16	2026-06-24	Show	GitHub Exploit DB Packet Storm

1800	7.8	HIGH Local	-	-	Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the…	CWE-428 Unquoted Search Path or Element	CVE-2020-37254	2026-06-24 05:16	2026-06-20	Show	GitHub Exploit DB Packet Storm