Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 12, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1361	7.8	重要 Local	4mhz	Base64 Decoder	4mhzのBase64 Decoderにおける境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2019-25634	2026-06-5 10:52	2026-03-24	Show	GitHub Exploit DB Packet Storm

1362	7.8	重要 Local	Google	Android XR	GoogleのAndroid XRにおける認可に関する脆弱性	CWE-285 不適切な認可	CVE-2026-0072	2026-06-5 10:52	2026-06-1	Show	GitHub Exploit DB Packet Storm

1363	9.8	緊急 Network	TRENDnet	TEW-432BRP Firmware	TRENDnetのTEW-432BRP Firmwareにおける複数の脆弱性	CWE-74 CWE-77	CVE-2026-10060	2026-06-5 10:52	2026-05-29	Show	GitHub Exploit DB Packet Storm

1364	9.8	緊急 Network	TRENDnet	TEW-432BRP Firmware	TRENDnetのTEW-432BRP Firmwareにおける複数の脆弱性	CWE-74 CWE-77	CVE-2026-10061	2026-06-5 10:52	2026-05-29	Show	GitHub Exploit DB Packet Storm

1365	9.8	緊急 Network	TRENDnet	TEW-432BRP Firmware	TRENDnetのTEW-432BRP Firmwareにおける複数の脆弱性	CWE-119 CWE-121	CVE-2026-10062	2026-06-5 10:52	2026-05-29	Show	GitHub Exploit DB Packet Storm

1366	9.8	緊急 Network	TRENDnet	TEW-432BRP Firmware	TRENDnetのTEW-432BRP Firmwareにおける複数の脆弱性	CWE-119 CWE-121	CVE-2026-10063	2026-06-5 10:52	2026-05-29	Show	GitHub Exploit DB Packet Storm

1367	9.8	緊急 Network	TRENDnet	TEW-432BRP Firmware	TRENDnetのTEW-432BRP Firmwareにおける複数の脆弱性	CWE-119 CWE-121	CVE-2026-10064	2026-06-5 10:52	2026-05-29	Show	GitHub Exploit DB Packet Storm

1368	9.8	緊急 Network	Thingino	Thingino Firmware	ThinginoのThingino FirmwareにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2026-26213	2026-06-5 10:52	2026-03-26	Show	GitHub Exploit DB Packet Storm

1369	7.5	重要 Network	MessagePack	MessagePack	shamatonのMessagePackにおける境界外読み取りに関する脆弱性	CWE-125 境界外読み取り	CVE-2026-32284	2026-06-5 10:52	2026-03-26	Show	GitHub Exploit DB Packet Storm

1370	7.5	重要 Network	pgproto3 project	pgproto3	Jackcのpgproto3における配列インデックスの検証に関する脆弱性	CWE-129 配列インデックスの不適切な検証	CVE-2026-32286	2026-06-5 10:52	2026-03-26	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 13, 2026, 4:20 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2701	-		-	-	The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption.	CWE-200 Information Exposure	CVE-2026-50210	2026-06-5 00:10	2026-06-4	Show	GitHub Exploit DB Packet Storm

2702	-		-	-	Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers.	CWE-134 Use of Externally-Controlled Format String	CVE-2026-50211	2026-06-5 00:10	2026-06-4	Show	GitHub Exploit DB Packet Storm

2703	-		-	-	Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service.	CWE-400 Uncontrolled Resource Consumption	CVE-2026-50212	2026-06-5 00:10	2026-06-4	Show	GitHub Exploit DB Packet Storm

2704	-		-	-	The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings.	CWE-798 Use of Hard-coded Credentials	CVE-2026-50213	2026-06-5 00:10	2026-06-4	Show	GitHub Exploit DB Packet Storm

2705	8.2	HIGH Network	-	-	All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. At…	CWE-89 SQL Injection	CVE-2019-25726	2026-06-5 00:00	2026-06-4	Show	GitHub Exploit DB Packet Storm

2706	9.8	CRITICAL Network	-	-	WordPress Plugin ad manager wd 1.0.11 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the path parameter. Attackers…	CWE-22 Path Traversal	CVE-2019-25727	2026-06-5 00:00	2026-06-4	Show	GitHub Exploit DB Packet Storm

2707	8.2	HIGH Network	-	-	Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck_config cookie parameter. Attackers can inject …	CWE-89 SQL Injection	CVE-2019-25728	2026-06-5 00:00	2026-06-4	Show	GitHub Exploit DB Packet Storm

2708	9.8	CRITICAL Network	-	-	PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie paramete…	CWE-352 Origin Validation Error	CVE-2019-25729	2026-06-5 00:00	2026-06-4	Show	GitHub Exploit DB Packet Storm

2709	8.2	HIGH Network	-	-	Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can s…	CWE-89 SQL Injection	CVE-2019-25730	2026-06-5 00:00	2026-06-4	Show	GitHub Exploit DB Packet Storm

2710	8.2	HIGH Network	-	-	PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers…	CWE-89 SQL Injection	CVE-2019-25732	2026-06-5 00:00	2026-06-4	Show	GitHub Exploit DB Packet Storm