Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 28, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
741 9.1 緊急
Network 		オラクル Oracle iSupport オラクルのOracle iSupportにおけるアクセス制御に関する脆弱性 CWE-284
CWE-noinfo
CVE-2026-46946 2026-06-22 11:50 2026-06-17 Show GitHub Exploit DB Packet Storm
742 8.8 重要
Network 		オラクル Oracle Advanced Outbound Telephony オラクルのOracle Advanced Outbound Telephonyにおけるアクセス制御に関する脆弱性 CWE-284
CWE-noinfo
CVE-2026-46947 2026-06-22 11:50 2026-06-17 Show GitHub Exploit DB Packet Storm
743 9.1 緊急
Network 		オラクル Oracle Advanced Outbound Telephony オラクルのOracle Advanced Outbound Telephonyにおけるアクセス制御に関する脆弱性 CWE-284
CWE-noinfo
CVE-2026-46949 2026-06-22 11:50 2026-06-17 Show GitHub Exploit DB Packet Storm
744 8.8 重要
Network 		オラクル Oracle Advanced Outbound Telephony オラクルのOracle Advanced Outbound Telephonyにおけるアクセス制御に関する脆弱性 CWE-284
CWE-noinfo
CVE-2026-46950 2026-06-22 11:50 2026-06-17 Show GitHub Exploit DB Packet Storm
745 7.5 重要
Network 		オラクル Oracle Human Resources オラクルのOracle Human Resourcesにおける複数の脆弱性 CWE-352
CWE-601
CWE-79
CVE-2026-46955 2026-06-22 11:50 2026-06-17 Show GitHub Exploit DB Packet Storm
746 7.5 重要
Network 		オラクル Oracle iSupplier Portal オラクルのOracle iSupplier Portalにおけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2026-46957 2026-06-22 11:50 2026-06-17 Show GitHub Exploit DB Packet Storm
747 7.5 重要
Network 		オラクル Oracle Subledger Accounting オラクルのOracle Subledger Accountingにおける複数の脆弱性 CWE-269
CWE-284
CWE-306
CVE-2026-46958 2026-06-22 11:50 2026-06-17 Show GitHub Exploit DB Packet Storm
748 7.5 重要
Network 		オラクル Oracle Subledger Accounting オラクルのOracle Subledger Accountingにおける複数の脆弱性 CWE-269
CWE-284
CWE-306
CVE-2026-46959 2026-06-22 11:50 2026-06-17 Show GitHub Exploit DB Packet Storm
749 9.9 緊急
Network 		オラクル Oracle Universal Work Queue オラクルのOracle Universal Work Queueにおけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2026-46963 2026-06-22 11:50 2026-06-17 Show GitHub Exploit DB Packet Storm
750 9.9 緊急
Network 		オラクル Oracle Universal Work Queue オラクルのOracle Universal Work Queueにおける複数の脆弱性 CWE-269
CWE-284
CWE-306
CVE-2026-46964 2026-06-22 11:50 2026-06-17 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 28, 2026, 4:01 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
191141 8.8 HIGH
Adjacent 		defcon def_con_27_firmware The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI (Near Field Magnetic Induction) protocol. CWE-120
Classic Buffer Overflow 		CVE-2021-38111 2024-11-21 15:16 2021-08-5 Show GitHub Exploit DB Packet Storm
191142 8.1 HIGH
Network 		courier-mta courier_mail_server An issue was discovered in the POP3 component of Courier Mail Server before 1.1.5. Meddler-in-the-middle attackers can pipeline commands after the POP3 STLS command, injecting plaintext commands into… CWE-74
Injection 		CVE-2021-38084 2024-11-21 15:16 2021-08-4 Show GitHub Exploit DB Packet Storm
191143 6.1 MEDIUM
Network 		joplin_project joplin Joplin before 2.0.9 allows XSS via button and form in the note body. CWE-79
Cross-site Scripting 		CVE-2021-37916 2024-11-21 15:16 2021-08-3 Show GitHub Exploit DB Packet Storm
191144 6.5 MEDIUM
Network 		argo-workflows_project argo-workflows In Argo Workflows through 3.1.3, if EXPRESSION_TEMPLATES is enabled and untrusted users are allowed to specify input parameters when running workflows, an attacker may be able to disrupt a workflow b… CWE-20
 Improper Input Validation  		CVE-2021-37914 2024-11-21 15:16 2021-08-3 Show GitHub Exploit DB Packet Storm
191145 8.1 HIGH
Network 		stb_project
debian 		stb
debian_linux 		stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service. CWE-787
 Out-of-bounds Write 		CVE-2021-37789 2024-11-21 15:15 2022-11-2 Show GitHub Exploit DB Packet Storm
191146 9.8 CRITICAL
Network 		phpgurukul employee_record_management_system Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. CWE-89
SQL Injection 		CVE-2021-37782 2024-11-21 15:15 2022-10-29 Show GitHub Exploit DB Packet Storm
191147 9.8 CRITICAL
Network 		locke-bot_project locke-bot SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src/db.js, /commands/mute.js, /modules/event/messageDelete.js. CWE-89
SQL Injection 		CVE-2021-37522 2024-11-21 15:15 2023-07-19 Show GitHub Exploit DB Packet Storm
191148 9.8 CRITICAL
Network 		furukawa 423-41w\/ac_firmware
ld421-21w_firmware
ld420-10r_firmware
ld421-21wv_firmware 		RCE (Remote Code Execution) vulnerability was found in some Furukawa ONU models, this vulnerability allows remote unauthenticated users to send arbitrary commands to the device via web interface. NVD-CWE-noinfo
CVE-2021-37384 2024-11-21 15:15 2023-07-18 Show GitHub Exploit DB Packet Storm
191149 7.5 HIGH
Network 		furukawa 423-41w\/ac_firmware
ld421-21w_firmware
ld420-10r_firmware
ld421-21wv_firmware 		Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function. CWE-79
Cross-site Scripting 		CVE-2021-37386 2024-11-21 15:15 2023-07-18 Show GitHub Exploit DB Packet Storm
191150 3.7 LOW
Network 		citadel webcit An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS… NVD-CWE-noinfo
CVE-2021-37845 2024-11-21 15:15 2023-05-30 Show GitHub Exploit DB Packet Storm