Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 27, 2026, 2 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
631	7.1	重要 Local	マイクロソフト	Microsoft Word Microsoft Excel Microsoft PowerPoint	Office for Android のなりすましの脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-45649	2026-06-22 11:55	2026-06-9	Show	GitHub Exploit DB Packet Storm

632	6.8	警告 Network	Discourse	Discourse	Discourseにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-45775	2026-06-22 11:55	2026-06-12	Show	GitHub Exploit DB Packet Storm

633	9.9	緊急 Network	オラクル	Oracle WebCenter Portal	オラクルのOracle WebCenter Portalにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46765	2026-06-22 11:55	2026-06-17	Show	GitHub Exploit DB Packet Storm

634	9.8	緊急 Network	オラクル	Oracle WebCenter Content	オラクルのOracle WebCenter Contentにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46766	2026-06-22 11:55	2026-06-17	Show	GitHub Exploit DB Packet Storm

635	9.9	緊急 Network	オラクル	Oracle WebCenter Portal	オラクルのOracle WebCenter Portalにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46767	2026-06-22 11:55	2026-06-17	Show	GitHub Exploit DB Packet Storm

636	6	警告 Local	オラクル	Oracle VM VirtualBox	オラクルのOracle VM VirtualBoxにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46768	2026-06-22 11:55	2026-06-17	Show	GitHub Exploit DB Packet Storm

637	7.2	重要 Network	オラクル	Oracle Application Development Framework (Oracle ADF)	オラクルのOracle Application Development Framework (Oracle ADF)におけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46769	2026-06-22 11:55	2026-06-17	Show	GitHub Exploit DB Packet Storm

638	6.1	警告 Network	オラクル	Oracle Application Development Framework (Oracle ADF)	オラクルのOracle Application Development Framework (Oracle ADF)におけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46770	2026-06-22 11:55	2026-06-17	Show	GitHub Exploit DB Packet Storm

639	4.1	警告 Local	オラクル	Oracle Application Development Framework (Oracle ADF)	オラクルのOracle Application Development Framework (Oracle ADF)におけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46771	2026-06-22 11:55	2026-06-17	Show	GitHub Exploit DB Packet Storm

640	4.7	警告 Local	オラクル	Oracle Application Development Framework (Oracle ADF)	オラクルのOracle Application Development Framework (Oracle ADF)におけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46772	2026-06-22 11:55	2026-06-17	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 27, 2026, 4:35 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
320711	-	-	-	itsourcecode Online Tours and Travels Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the val-username, val-email, val-suggestions, val-digits and state_na…	-	CVE-2024-46077	2024-10-8 02:48	2024-10-5	Show	GitHub Exploit DB Packet Storm

320712	-	-	-	Taskcafe 0.3.2 is vulnerable to Cross Site Scripting (XSS). There is a lack of validation in the filetype when uploading a SVG profile picture with a XSS payload on it. An authenticated attacker can …	-	CVE-2023-26771	2024-10-8 02:48	2024-10-5	Show	GitHub Exploit DB Packet Storm

320713	-	-	-	TaskCafe 0.3.2 lacks validation in the Cookie value. Any unauthenticated attacker who knows a registered UserID can change the password of that user.	-	CVE-2023-26770	2024-10-8 02:48	2024-10-5	Show	GitHub Exploit DB Packet Storm

320714	-	-	-	There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentiall…	CWE-79 Cross-site Scripting	CVE-2024-8149	2024-10-8 02:48	2024-10-5	Show	GitHub Exploit DB Packet Storm

320715	-	-	-	There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 10.8.1 - 11.2 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary we…	CWE-601 Open Redirect	CVE-2024-8148	2024-10-8 02:48	2024-10-5	Show	GitHub Exploit DB Packet Storm

320716	-	-	-	A Reflected cross-site scripting (XSS) vulnerability in "ccHandler.aspx" CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "bomid" parameter.	-	CVE-2024-41516	2024-10-8 02:48	2024-10-5	Show	GitHub Exploit DB Packet Storm

320717	-	-	-	A reflected cross-site scripting (XSS) vulnerability in "ccHandlerResource.ashx" in CADClick <= 1.11.0 allows remote attackers to inject arbitrary web script or HTML via the "res_url" parameter.	-	CVE-2024-41515	2024-10-8 02:48	2024-10-5	Show	GitHub Exploit DB Packet Storm

320718	-	-	-	A reflected cross-site scripting (XSS) vulnerability in "PrevPgGroup.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "wer" parameter.	-	CVE-2024-41514	2024-10-8 02:48	2024-10-5	Show	GitHub Exploit DB Packet Storm

320719	-	-	-	A reflected cross-site scripting (XSS) vulnerability in "Artikel.aspx" in CADClick v1.11.0 and before allows remote attackers to inject arbitrary web script or HTML via the "searchindex" parameter.	-	CVE-2024-41513	2024-10-8 02:48	2024-10-5	Show	GitHub Exploit DB Packet Storm

320720	-	-	-	A SQL Injection vulnerability in "ccHandler.aspx" in all versions of CADClick v.1.11.0 and before allows remote attackers to execute arbitrary SQL commands via the "bomid" parameter.	-	CVE-2024-41512	2024-10-8 02:48	2024-10-5	Show	GitHub Exploit DB Packet Storm