Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 27, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
731	7.1	重要 Local	オラクル	Oracle Solaris	オラクルのOracle Solarisにおける複数の脆弱性	CWE-269 CWE-400	CVE-2026-46914	2026-06-22 11:50	2026-06-17	Show	GitHub Exploit DB Packet Storm

732	8.8	重要 Network	オラクル	Oracle Process Manufacturing Product Development	オラクルのOracle Process Manufacturing Product Developmentにおける複数の脆弱性	CWE-269 CWE-284 CWE-287 CWE-306	CVE-2026-46916	2026-06-22 11:50	2026-06-17	Show	GitHub Exploit DB Packet Storm

733	9.9	緊急 Network	オラクル	Oracle Process Manufacturing Product Development	オラクルのOracle Process Manufacturing Product Developmentにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46918	2026-06-22 11:50	2026-06-17	Show	GitHub Exploit DB Packet Storm

734	8.1	重要 Network	オラクル	Oracle Receivables	オラクルのOracle Receivablesにおける複数の脆弱性	CWE-284 CWE-306	CVE-2026-46927	2026-06-22 11:50	2026-06-17	Show	GitHub Exploit DB Packet Storm

735	8.8	重要 Network	オラクル	Oracle Enterprise Asset Management	オラクルのOracle Enterprise Asset Managementにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46931	2026-06-22 11:50	2026-06-17	Show	GitHub Exploit DB Packet Storm

736	7.1	重要 Network	オラクル	Oracle Enterprise Asset Management	オラクルのOracle Enterprise Asset Managementにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46932	2026-06-22 11:50	2026-06-17	Show	GitHub Exploit DB Packet Storm

737	9.9	緊急 Network	オラクル	Oracle Applications Manager	オラクルのOracle Applications Managerにおける複数の脆弱性	CWE-269 CWE-284 CWE-306	CVE-2026-46933	2026-06-22 11:50	2026-06-17	Show	GitHub Exploit DB Packet Storm

738	8.8	重要 Network	オラクル	Oracle iSetup	オラクルのOracle iSetupにおける複数の脆弱性	CWE-269 CWE-287 CWE-306	CVE-2026-46937	2026-06-22 11:50	2026-06-17	Show	GitHub Exploit DB Packet Storm

739	9.1	緊急 Network	オラクル	Oracle iSupport	オラクルのOracle iSupportにおけるアクセス制御に関する脆弱性	CWE-284 CWE-noinfo	CVE-2026-46944	2026-06-22 11:50	2026-06-17	Show	GitHub Exploit DB Packet Storm

740	9.1	緊急 Network	オラクル	Oracle iSupport	オラクルのOracle iSupportにおけるアクセス制御に関する脆弱性	CWE-284 CWE-noinfo	CVE-2026-46945	2026-06-22 11:50	2026-06-17	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 28, 2026, 4:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
611	0.0	NONE Network	-	-	The XML‑RPC API addUser method has a validation bypass introduced in the fix for CVE‑2025‑55129. As a result, API users could create usernames that enabled impersonation or stored XSS attacks. Proper… New	CWE-287 Improper Authentication	CVE-2026-44961	2026-06-26 04:52	2026-06-24	Show	GitHub Exploit DB Packet Storm

612	-		-	-	When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r) the resulting file could be injected with unexpected keys and … New	CWE-74 Injection	CVE-2026-0864	2026-06-26 04:51	2026-06-24	Show	GitHub Exploit DB Packet Storm

613	-		-	-	When using the "tarfile" module with a file opened in "streaming mode" (mode="r\|") the tarfile module did not properly handle EOF, making archive parsing take exponentially longer. New	CWE-252 CWE-606 CWE-770 Unchecked Return Value Unchecked Input for Loop Condition Allocation of Resources Without Limits or Throttling	CVE-2026-11972	2026-06-26 04:51	2026-06-24	Show	GitHub Exploit DB Packet Storm

614	-		-	-	Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Google go-attestation. parseEfiSignatureList() does not advance the buffer past vendor bytes before reading entri… New	CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input	CVE-2026-12681	2026-06-26 04:51	2026-06-24	Show	GitHub Exploit DB Packet Storm

615	-		-	-	Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Action (versions prior to 0.1.22) on headless CI plat… New	CWE-20 Improper Input Validation	CVE-2026-12537	2026-06-26 04:51	2026-06-24	Show	GitHub Exploit DB Packet Storm

616	8.8	HIGH Network	-	-	Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing mal… New	CWE-121 Stack-based Buffer Overflow	CVE-2026-56766	2026-06-26 04:50	2026-06-26	Show	GitHub Exploit DB Packet Storm

617	8.5	HIGH Network	-	-	Huly Platform through 0.7.423, fixed in commit 68cbf8a contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arb… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-56769	2026-06-26 04:50	2026-06-26	Show	GitHub Exploit DB Packet Storm

618	4.3	MEDIUM Network	-	-	NewsBlur before 14.5.0 contains a broken access control vulnerability that allows authenticated users to read private notification feeds by supplying arbitrary user_id values to the GET /social/inter… New	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-56772	2026-06-26 04:50	2026-06-26	Show	GitHub Exploit DB Packet Storm

619	6.4	MEDIUM Network	-	-	MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidat… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-56779	2026-06-26 04:50	2026-06-26	Show	GitHub Exploit DB Packet Storm

620	8.8	HIGH Network	-	-	Seahub before 13.0.23 does not enforce SHARE_LINK_LOGIN_REQUIRED on GET /api/v2.1/share-link-zip-task/, allowing unauthenticated users to bypass authentication. Attackers with a folder share-link tok… New	CWE-862 Missing Authorization	CVE-2026-56768	2026-06-26 04:48	2026-06-26	Show	GitHub Exploit DB Packet Storm