Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
571	7.5	重要 Network	chimurai	http-proxy-middleware	chimuraiのhttp-proxy-middlewareにおけるCRLF インジェクションの脆弱性	CWE-93 CRLF インジェクション	CVE-2026-55603	2026-06-26 11:54	2026-06-22	Show	GitHub Exploit DB Packet Storm

572	6.5	警告 Network	レッドハット OpenBSD	Red Hat Hardened Images Red Hat OpenShift Container Platform OpenSSH Red Hat Enterprise Linux	OpenBSD等の複数ベンダの製品における二重解放に関する脆弱性	CWE-415 二重解放	CVE-2026-55653	2026-06-26 11:54	2026-06-23	Show	GitHub Exploit DB Packet Storm

573	3.7	低 Network	レッドハット OpenBSD	Red Hat Hardened Images OpenSSH Red Hat Enterprise Linux	OpenBSD等の複数ベンダの製品における境界外読み取りに関する脆弱性	CWE-125 境界外読み取り	CVE-2026-55654	2026-06-26 11:54	2026-06-23	Show	GitHub Exploit DB Packet Storm

574	6.1	警告 Local	レッドハット OpenBSD	OpenSSH Red Hat Enterprise Linux	OpenBSD等の複数ベンダの製品における意図するエンドポイントとの通信チャネルの制限に関する脆弱性	CWE-923 意図するエンドポイントとの通信チャネルの不適切な制限	CVE-2026-55655	2026-06-26 11:54	2026-06-23	Show	GitHub Exploit DB Packet Storm

575	4.9	警告 Local	libexpat project	libexpat	libexpat projectのlibexpatにおける解放済みメモリの使用に関する脆弱性	CWE-416 解放済みメモリの使用	CVE-2026-56131	2026-06-26 11:53	2026-06-19	Show	GitHub Exploit DB Packet Storm

576	6.9	警告 Local	libexpat project	libexpat	libexpat projectのlibexpatにおける不正な同期に関する脆弱性	CWE-821 不正な同期	CVE-2026-56132	2026-06-26 11:53	2026-06-19	Show	GitHub Exploit DB Packet Storm

577	8.1	重要 Network	Kidocode Sdn Bhd	Crawl4AI	Kidocode Sdn BhdのCrawl4AIにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-56258	2026-06-26 11:53	2026-06-23	Show	GitHub Exploit DB Packet Storm

578	6.1	警告 Network	Kidocode Sdn Bhd	Crawl4AI	Kidocode Sdn BhdのCrawl4AIにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-56263	2026-06-26 11:53	2026-06-23	Show	GitHub Exploit DB Packet Storm

579	7.7	重要 Network	flowiseai	flowise	flowiseaiのflowiseにおける不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2026-56268	2026-06-26 11:53	2026-06-22	Show	GitHub Exploit DB Packet Storm

580	9.9	緊急 Network	flowiseai	flowise	flowiseaiのflowiseにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2026-56274	2026-06-26 11:53	2026-06-23	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 30, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
190721	7.5	HIGH Network	ibm	sterling_connect\	IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 209508.	CWE-326 Inadequate Encryption Strength	CVE-2021-38891	2024-11-21 15:18	2021-11-24	Show	GitHub Exploit DB Packet Storm

190722	7.5	HIGH Network	ibm	sterling_connect\	IBM Sterling Connect:Direct Web Services 1.0 and 6.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 209507.	CWE-307 mproper Restriction of Excessive Authentication Attempts	CVE-2021-38890	2024-11-21 15:18	2021-11-24	Show	GitHub Exploit DB Packet Storm

190723	6.5	MEDIUM Network	ibm	mq	IBM MQ 8.0, 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.1 CD, and 9.2 CD is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 208398.	NVD-CWE-noinfo	CVE-2021-38875	2024-11-21 15:18	2021-11-24	Show	GitHub Exploit DB Packet Storm

190724	5.4	MEDIUM Network	oroinc	client_relationship_management	OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cros…	CWE-352 Origin Validation Error	CVE-2021-39198	2024-11-21 15:18	2021-11-20	Show	GitHub Exploit DB Packet Storm

190725	8.8	HIGH Network	apache	ozone	In Apache Ozone before 1.2.0, Authenticated users with valid Ozone S3 credentials can create specific OM requests, impersonating any other user.	CWE-862 Missing Authorization	CVE-2021-39236	2024-11-21 15:18	2021-11-19	Show	GitHub Exploit DB Packet Storm

190726	6.5	MEDIUM Network	apache	ozone	In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block.	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2021-39235	2024-11-21 15:18	2021-11-19	Show	GitHub Exploit DB Packet Storm

190727	6.8	MEDIUM Network	apache	ozone	In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.	CWE-863 Incorrect Authorization	CVE-2021-39234	2024-11-21 15:18	2021-11-19	Show	GitHub Exploit DB Packet Storm

190728	9.1	CRITICAL Network	apache	ozone	In Apache Ozone versions prior to 1.2.0, Container related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.	NVD-CWE-Other	CVE-2021-39233	2024-11-21 15:18	2021-11-19	Show	GitHub Exploit DB Packet Storm

190729	8.8	HIGH Network	apache	ozone	In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins.	CWE-862 Missing Authorization	CVE-2021-39232	2024-11-21 15:18	2021-11-19	Show	GitHub Exploit DB Packet Storm

190730	9.1	CRITICAL Network	apache	ozone	In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone…	CWE-862 Missing Authorization	CVE-2021-39231	2024-11-21 15:18	2021-11-19	Show	GitHub Exploit DB Packet Storm