Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 28, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
791 8.1 重要
Network 		OpenClaw OpenClaw OpenClawにおける複数の脆弱性 CWE-184
CWE-863
CVE-2026-53855 2026-06-22 11:47 2026-06-16 Show GitHub Exploit DB Packet Storm
792 5.5 警告
Local 		OpenClaw OpenClaw OpenClawにおける重要なリソースに対する不適切なパーミッションの割り当てに関する脆弱性 CWE-732
重要なリソースに対する不適切なパーミッションの割り当て 		CVE-2026-53856 2026-06-22 11:47 2026-06-16 Show GitHub Exploit DB Packet Storm
793 8.1 重要
Network 		OpenClaw OpenClaw OpenClawにおけるスプーフィングによる認証回避に関する脆弱性 CWE-290
スプーフィングによる認証回避 		CVE-2026-53857 2026-06-22 11:47 2026-06-16 Show GitHub Exploit DB Packet Storm
794 7.1 重要
Local 		OpenClaw OpenClaw OpenClawにおける信頼できない検索パスに関する脆弱性 CWE-426
信頼性のない検索パス 		CVE-2026-53858 2026-06-22 11:47 2026-06-16 Show GitHub Exploit DB Packet Storm
795 6.5 警告
Network 		OpenClaw OpenClaw OpenClawにおける複数の脆弱性 CWE-1023
CWE-918
CVE-2026-53859 2026-06-22 11:47 2026-06-16 Show GitHub Exploit DB Packet Storm
796 5.4 警告
Network 		OpenClaw OpenClaw OpenClawにおける複数の脆弱性 CWE-807
CWE-863
CVE-2026-53860 2026-06-22 11:47 2026-06-16 Show GitHub Exploit DB Packet Storm
797 9.8 緊急
Network 		OpenClaw OpenClaw OpenClawにおける不完全なブラックリストに関する脆弱性 CWE-184
不完全なブラックリスト 		CVE-2026-53861 2026-06-22 11:47 2026-06-16 Show GitHub Exploit DB Packet Storm
798 5.4 警告
Network 		OpenClaw OpenClaw OpenClawにおける複数の脆弱性 CWE-266
CWE-345
CVE-2026-53862 2026-06-22 11:47 2026-06-16 Show GitHub Exploit DB Packet Storm
799 6.5 警告
Network 		OpenClaw OpenClaw OpenClawにおけるユーザ制御の鍵による認証回避に関する脆弱性 CWE-639
ユーザ制御の鍵による認証回避 		CVE-2026-53863 2026-06-22 11:47 2026-06-16 Show GitHub Exploit DB Packet Storm
800 8.1 重要
Network 		OpenClaw OpenClaw OpenClawにおける不完全なブラックリストに関する脆弱性 CWE-184
不完全なブラックリスト 		CVE-2026-53864 2026-06-22 11:47 2026-06-16 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
190921 7.8 HIGH
Local 		tranquil wapt Incorrect Access Control in Tranquil WAPT Enterprise - before 1.8.2.7373 and before 2.0.0.9450 allows guest OS users to escalate privileges via WAPT Agent. NVD-CWE-Other
CVE-2021-38608 2024-11-21 15:17 2021-08-17 Show GitHub Exploit DB Packet Storm
190922 5.4 MEDIUM
Network 		crocoblock jetengine Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input. CWE-79
Cross-site Scripting 		CVE-2021-38607 2024-11-21 15:17 2021-08-16 Show GitHub Exploit DB Packet Storm
190923 5.4 MEDIUM
Network 		imgurl_project imgurl imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. CWE-79
Cross-site Scripting 		CVE-2021-38713 2024-11-21 15:17 2021-08-16 Show GitHub Exploit DB Packet Storm
190924 7.5 HIGH
Network 		onenav onenav OneNav 0.9.12 allows Information Disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block the access via an NGINX configuration file. CWE-668
 Exposure of Resource to Wrong Sphere 		CVE-2021-38712 2024-11-21 15:17 2021-08-16 Show GitHub Exploit DB Packet Storm
190925 7.5 HIGH
Network 		gitit_project gitit In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. CWE-552
 Files or Directories Accessible to External Parties 		CVE-2021-38711 2024-11-21 15:17 2021-08-16 Show GitHub Exploit DB Packet Storm
190926 6.1 MEDIUM
Network 		compo composr_cms In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS. CWE-79
Cross-site Scripting 		CVE-2021-38709 2024-11-21 15:17 2021-08-16 Show GitHub Exploit DB Packet Storm
190927 5.4 MEDIUM
Network 		compo composr_cms In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS. CWE-79
Cross-site Scripting 		CVE-2021-38708 2024-11-21 15:17 2021-08-16 Show GitHub Exploit DB Packet Storm
190928 5.4 MEDIUM
Network 		tastyigniter tastyigniter TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs. CWE-79
Cross-site Scripting 		CVE-2021-38699 2024-11-21 15:17 2021-08-16 Show GitHub Exploit DB Packet Storm
190929 7.5 HIGH
Network 		deferred_image_processing_project deferred_image_processing The deferred_image_processing (aka Deferred image processing) extension before 1.0.2 for TYPO3 allows Denial of Service via the FAL API because of /var/transient disk consumption. CWE-404
 Improper Resource Shutdown or Release 		CVE-2021-38623 2024-11-21 15:17 2021-08-14 Show GitHub Exploit DB Packet Storm
190930 5.3 MEDIUM
Network 		hashicorp vault HashiCorp Vault and Vault Enterprise’s UI erroneously cached and exposed user-viewed secrets between sessions in a single shared browser. Fixed in 1.8.0 and pending 1.7.4 / 1.6.6 releases. CWE-212
 Improper Removal of Sensitive Information Before Storage or Transfer 		CVE-2021-38554 2024-11-21 15:17 2021-08-14 Show GitHub Exploit DB Packet Storm