Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 28, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
711	9.8	緊急 Network	オラクル	JD Edwards EnterpriseOne Tools	オラクルのJD Edwards EnterpriseOne Toolsにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46881	2026-06-22 11:51	2026-06-17	Show	GitHub Exploit DB Packet Storm

712	9.8	緊急 Network	オラクル	JD Edwards EnterpriseOne Tools	オラクルのJD Edwards EnterpriseOne Toolsにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46882	2026-06-22 11:51	2026-06-17	Show	GitHub Exploit DB Packet Storm

713	9.8	緊急 Network	オラクル	JD Edwards EnterpriseOne Tools	オラクルのJD Edwards EnterpriseOne Toolsにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46883	2026-06-22 11:51	2026-06-17	Show	GitHub Exploit DB Packet Storm

714	8	重要 Network	オラクル	Oracle iSupplier Portal	オラクルのOracle iSupplier Portalにおける複数の脆弱性	CWE-352 CWE-601 CWE-640	CVE-2026-46894	2026-06-22 11:51	2026-06-17	Show	GitHub Exploit DB Packet Storm

715	9.9	緊急 Network	オラクル	Oracle Enterprise Command Center Framework	オラクルのOracle Enterprise Command Center Frameworkにおける複数の脆弱性	CWE-269 CWE-284	CVE-2026-46895	2026-06-22 11:51	2026-06-17	Show	GitHub Exploit DB Packet Storm

716	9.1	緊急 Network	オラクル	Oracle Enterprise Command Center Framework	オラクルのOracle Enterprise Command Center Frameworkにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46896	2026-06-22 11:51	2026-06-17	Show	GitHub Exploit DB Packet Storm

717	9.9	緊急 Network	オラクル	Oracle Enterprise Command Center Framework	オラクルのOracle Enterprise Command Center Frameworkにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46897	2026-06-22 11:51	2026-06-17	Show	GitHub Exploit DB Packet Storm

718	8.1	重要 Network	オラクル	Oracle Enterprise Command Center Framework	オラクルのOracle Enterprise Command Center Frameworkにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46898	2026-06-22 11:51	2026-06-17	Show	GitHub Exploit DB Packet Storm

719	9.6	緊急 Network	オラクル	Oracle Enterprise Command Center Framework	オラクルのOracle Enterprise Command Center Frameworkにおける複数の脆弱性	CWE-269 CWE-284	CVE-2026-46899	2026-06-22 11:51	2026-06-17	Show	GitHub Exploit DB Packet Storm

720	9.9	緊急 Network	オラクル	Oracle Enterprise Command Center Framework	オラクルのOracle Enterprise Command Center Frameworkにおける複数の脆弱性	CWE-269 CWE-284	CVE-2026-46900	2026-06-22 11:51	2026-06-17	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
190891	7.8	HIGH Local	microsoft	windows_server_2008	Windows Kernel Elevation of Privilege Vulnerability	CWE-269 Improper Privilege Management	CVE-2021-38625	2024-11-21 15:17	2021-09-15	Show	GitHub Exploit DB Packet Storm

190892	6.5	MEDIUM Network	microsoft	windows_server_2019 windows_10 windows_server_2016 windows_server_2022	Windows Key Storage Provider Security Feature Bypass Vulnerability	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2021-38624	2024-11-21 15:17	2021-09-15	Show	GitHub Exploit DB Packet Storm

190893	9.1	CRITICAL Network	apache	any23	An XML external entity (XXE) injection vulnerability was discovered in the Any23 StreamUtils.java file and is known to affect Any23 versions < 2.5. XML external entity injection (also known as XXE) i…	CWE-611 XXE	CVE-2021-38555	2024-11-21 15:17	2021-09-11	Show	GitHub Exploit DB Packet Storm

190894	9.8	CRITICAL Network	thedaylightstudio	fuel_cms	FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/logs/items	CWE-89 SQL Injection	CVE-2021-38727	2024-11-21 15:17	2021-09-10	Show	GitHub Exploit DB Packet Storm

190895	5.3	MEDIUM Network	thedaylightstudio	fuel_cms	Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php	CWE-307 mproper Restriction of Excessive Authentication Attempts	CVE-2021-38725	2024-11-21 15:17	2021-09-10	Show	GitHub Exploit DB Packet Storm

190896	8.8	HIGH Network	thedaylightstudio	fuel_cms	FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in /fuel/index.php/fuel/pages/items	CWE-89 SQL Injection	CVE-2021-38723	2024-11-21 15:17	2021-09-10	Show	GitHub Exploit DB Packet Storm

190897	6.5	MEDIUM Network	thedaylightstudio	fuel_cms	FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability	CWE-352 Origin Validation Error	CVE-2021-38721	2024-11-21 15:17	2021-09-10	Show	GitHub Exploit DB Packet Storm

190898	9.8	CRITICAL Network	apache	airflow	The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3. This allowed unauthenticated users to hit that endpoint to add/modify Airflow variables used in DAGs, pote…	CWE-306 Missing Authentication for Critical Function	CVE-2021-38540	2024-11-21 15:17	2021-09-10	Show	GitHub Exploit DB Packet Storm

190899	9.8	CRITICAL Network	advantech	webaccess	A stack-based buffer overflow vulnerability in Advantech WebAccess Versions 9.02 and prior caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.	-	CVE-2021-38408	2024-11-21 15:17	2021-09-9	Show	GitHub Exploit DB Packet Storm

190900	5.4	MEDIUM Network	cliniccases	cliniccases	Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the…	CWE-79 Cross-site Scripting	CVE-2021-38707	2024-11-21 15:17	2021-09-8	Show	GitHub Exploit DB Packet Storm