Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
1771 5.4 警告
Network 		Mozilla Foundation Mozilla Firefox
Mozilla Thunderbird 		Mozilla FoundationのMozilla Firefox等の複数製品における型の取り違えに関する脆弱性 CWE-843
型の取り違え 		CVE-2026-12299 2026-06-17 15:35 2026-06-16 Show GitHub Exploit DB Packet Storm
1772 4.3 警告
Network 		Mozilla Foundation Mozilla Firefox
Mozilla Thunderbird 		Mozilla FoundationのMozilla Firefox等の複数製品における境界外読み取りに関する脆弱性 CWE-125
境界外読み取り 		CVE-2026-12303 2026-06-17 15:35 2026-06-16 Show GitHub Exploit DB Packet Storm
1773 4.7 警告
Network 		Mozilla Foundation Mozilla Firefox
Mozilla Thunderbird 		Mozilla FoundationのMozilla Firefox等の複数製品における複数の脆弱性 CWE-200
CWE-688
CVE-2026-12311 2026-06-17 15:35 2026-06-16 Show GitHub Exploit DB Packet Storm
1774 4.7 警告
Network 		Mozilla Foundation Mozilla Firefox
Mozilla Thunderbird 		Mozilla FoundationのMozilla Firefox等の複数製品における権限管理に関する脆弱性 CWE-269
不適切な権限管理 		CVE-2026-12313 2026-06-17 15:35 2026-06-16 Show GitHub Exploit DB Packet Storm
1775 6.5 警告
Network 		Mozilla Foundation Mozilla Firefox
Mozilla Thunderbird 		Mozilla FoundationのMozilla Firefox等の複数製品におけるリソースの枯渇に関する脆弱性 CWE-400
リソースの枯渇 		CVE-2026-12319 2026-06-17 15:35 2026-06-16 Show GitHub Exploit DB Packet Storm
1776 4.3 警告
Network 		Mozilla Foundation Mozilla Firefox
Mozilla Thunderbird 		Mozilla FoundationのMozilla Firefox等の複数製品における情報漏えいに関する脆弱性 CWE-200
情報漏えい 		CVE-2026-12320 2026-06-17 15:34 2026-06-16 Show GitHub Exploit DB Packet Storm
1777 5.4 警告
Network 		Mozilla Foundation Mozilla Firefox
Mozilla Thunderbird 		Mozilla FoundationのMozilla Firefox等の複数製品における常に不適切な制御フローの実装に関する脆弱性 CWE-670
常に不適切な制御フローの実装 		CVE-2026-12321 2026-06-17 15:34 2026-06-16 Show GitHub Exploit DB Packet Storm
1778 5.4 警告
Network 		Mozilla Foundation Mozilla Firefox
Mozilla Thunderbird 		Mozilla FoundationのMozilla Firefox等の複数製品におけるレンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限に関する脆弱性 CWE-1021
レンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限 		CVE-2026-12322 2026-06-17 15:34 2026-06-16 Show GitHub Exploit DB Packet Storm
1779 5.4 警告
Network 		Mozilla Foundation Mozilla Firefox
Mozilla Thunderbird 		Mozilla FoundationのMozilla Firefox等の複数製品におけるレンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限に関する脆弱性 CWE-1021
レンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限 		CVE-2026-12323 2026-06-17 15:34 2026-06-16 Show GitHub Exploit DB Packet Storm
1780 6.5 警告
Network 		キヤノン PCソフトウェア EOS Network Setting Tool キヤノン製EOS Network Setting Toolにおける複数の脆弱性 CWE-1188
CWE-295
CWE-321
CWE-327
CVE-2026-9258
CVE-2026-9259
CVE-2026-9260
CVE-2026-9261
CVE-2026-9262 		2026-06-17 13:38 2026-06-16 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 30, 2026, 4:22 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1031 6.5 MEDIUM
Network 		- - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's tool… New CWE-862
 Missing Authorization 		CVE-2026-54027 2026-06-27 01:16 2026-06-26 Show GitHub Exploit DB Packet Storm
1032 6.5 MEDIUM
Local 		- - Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which all… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-4339 2026-06-27 01:16 2026-06-27 Show GitHub Exploit DB Packet Storm
1033 7.5 HIGH
Network 		- - A flaw in Node.js WebCrypto implementation can crash the process if the input of `subtle.encrypt()` is a multiple of 2GiB. This vulnerability affects all supported release lines: **Node.js 22**, *… New CWE-190
 Integer Overflow or Wraparound 		CVE-2026-48933 2026-06-27 01:16 2026-06-26 Show GitHub Exploit DB Packet Storm
1034 7.7 HIGH
Network 		- - A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization misma… New CWE-176
 Improper Handling of Unicode Encoding 		CVE-2026-48618 2026-06-27 01:16 2026-06-26 Show GitHub Exploit DB Packet Storm
1035 7.1 HIGH
Network 		- - Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This… New CWE-73
CWE-400
 External Control of File Name or Path
 Uncontrolled Resource Consumption 		CVE-2026-47214 2026-06-27 01:16 2026-06-27 Show GitHub Exploit DB Packet Storm
1036 - - - rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK (Rust Token Killer) improperly trusts project-local configuration files. RTK automatically loads .r… New CWE-345
CWE-426
 Insufficient Verification of Data Authenticity
 Untrusted Search Path 		CVE-2026-45792 2026-06-27 01:16 2026-06-24 Show GitHub Exploit DB Packet Storm
1037 3.5 LOW
Network 		- - Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated att… New CWE-693
 Protection Mechanism Failure 		CVE-2026-3472 2026-06-27 01:16 2026-06-27 Show GitHub Exploit DB Packet Storm
1038 6.5 MEDIUM
Network 		- - The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to in… New CWE-89
SQL Injection 		CVE-2026-13226 2026-06-27 01:16 2026-06-26 Show GitHub Exploit DB Packet Storm
1039 6.5 MEDIUM
Network 		- - Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions. New CWE-79
Cross-site Scripting 		CVE-2025-68074 2026-06-27 01:16 2026-06-27 Show GitHub Exploit DB Packet Storm
1040 7.5 HIGH
Network 		- - Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions. New CWE-98
 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 		CVE-2025-68064 2026-06-27 01:16 2026-06-27 Show GitHub Exploit DB Packet Storm