Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 15, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
188971 7.8 重要
Local 		TG Soft S.a.s. - TG Soft Vir.IT eXplorer Lite におけるバッファエラーの脆弱性 CWE-119
バッファエラー 		CVE-2017-17467 2017-12-27 15:31 2017-12-8 Show GitHub Exploit DB Packet Storm
188972 7.8 重要
Local 		TG Soft S.a.s. - TG Soft Vir.IT eXplorer Lite における認可・権限・アクセス制御に関する脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2017-17466 2017-12-27 15:31 2017-12-8 Show GitHub Exploit DB Packet Storm
188973 9.8 緊急
Network 		Inedo - Inedo Otter における入力確認に関する脆弱性 CWE-20
不適切な入力確認 		CVE-2017-17086 2017-12-27 15:19 2017-11-30 Show GitHub Exploit DB Packet Storm
188974 9.8 緊急
Network 		Inedo - Inedo Otter におけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2017-15607 2017-12-27 15:19 2017-11-15 Show GitHub Exploit DB Packet Storm
188975 5.5 警告
Local 		aubio - aubio におけるゼロ除算に関する脆弱性 CWE-369
ゼロ除算 		CVE-2017-17054 2017-12-27 15:14 2017-11-28 Show GitHub Exploit DB Packet Storm
188976 7.5 重要
Network 		WooCommerce project - WordPress 用 WooCommerce プラグインにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2017-17058 2017-12-27 15:11 2017-11-28 Show GitHub Exploit DB Packet Storm
188977 9.8 緊急
Network 		Haxx
Debian		 - cURL および libcurl における境界外読み取りに関する脆弱性 CWE-125
境界外読み取り 		CVE-2017-8817 2017-12-27 15:06 2017-11-10 Show GitHub Exploit DB Packet Storm
188978 9.8 緊急
Network 		Haxx
Debian		 - cURL および libcurl における整数オーバーフローの脆弱性 CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2017-8816 2017-12-27 15:06 2017-11-6 Show GitHub Exploit DB Packet Storm
188979 6.5 警告
Network 		Synology Inc. - Synology Router Manager におけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2017-15895 2017-12-27 15:02 2017-11-15 Show GitHub Exploit DB Packet Storm
188980 6.5 警告
Network 		Synology Inc. - Synology DiskStation Manager におけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2017-15894 2017-12-27 15:02 2017-11-15 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 15, 2026, 4:10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
201 6.3 MEDIUM
Network 		- - Koel is a free, open-source music streaming solution. Prior to version 9.7.1, Koel contains a Server-Side Request Forgery (SSRF) vulnerability in the radio station creation endpoint (POST /api/radio/… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-50552 2026-06-13 05:16 2026-06-13 Show GitHub Exploit DB Packet Storm
202 - - - AgenticMail gives AI agents real email addresses and phone numbers. Prior to version 0.9.27, @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCP_HTTP=1. In that mode,… New CWE-306
Missing Authentication for Critical Function 		CVE-2026-50287 2026-06-13 05:16 2026-06-13 Show GitHub Exploit DB Packet Storm
203 - - - Actual is an open-source personal finance application. Prior to version 26.5.0, several endpoints are affected by a path traversal vulnerability. Version 26.5.0 fixes the issue. New CWE-22
Path Traversal 		CVE-2026-43872 2026-06-13 05:16 2026-06-13 Show GitHub Exploit DB Packet Storm
204 - - - Actual is an open-source personal finance application. In the macOS desktop application version 25.x (built on Electron 39.2.7), the ELECTRON_RUN_AS_NODE fuse is not disabled, allowing an attacker wh… New CWE-94
Code Injection 		CVE-2026-42890 2026-06-13 05:16 2026-06-13 Show GitHub Exploit DB Packet Storm
205 7.8 HIGH
Local 		- - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, a program able to write bytes to a kitty terminal — a remote SSH peer, a downloaded file viewed with `cat`, a log line, an e… New CWE-94
CWE-862
Code Injection
 Missing Authorization 		CVE-2026-42851 2026-06-13 05:16 2026-06-13 Show GitHub Exploit DB Packet Storm
206 - - - Kitty is a cross-platform GPU based terminal. In versions prior to 0.47.0, it is possible to inject commands within the subshell through kitty error. A special escape code will make kitty return an e… New CWE-77
Command Injection 		CVE-2026-42850 2026-06-13 05:16 2026-06-13 Show GitHub Exploit DB Packet Storm
207 - - - Actual is a local-first personal finance tool. The `POST /openid/config` endpoint in Actual Budget's sync-server versions <= 26.4.0 exposes the full OpenID Connect configuration—including the OAuth2 … New CWE-863
 Incorrect Authorization 		CVE-2026-42604 2026-06-13 05:16 2026-06-13 Show GitHub Exploit DB Packet Storm
208 7.5 HIGH
Network 		- - form-data is a library for creating readable multipart/form-data streams. In versions through 4.0.5, the `field` argument to `FormData#append` and the `filename` option are concatenated verbatim into… New CWE-93
CRLF Injection 		CVE-2026-12143 2026-06-13 05:16 2026-06-13 Show GitHub Exploit DB Packet Storm
209 8.8 HIGH
Network 		- - Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting clie… New CWE-415
 Double Free 		CVE-2026-12043 2026-06-13 05:16 2026-06-13 Show GitHub Exploit DB Packet Storm
210 - - - Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary post_id to POST /admin/post… New CWE-862
 Missing Authorization 		CVE-2026-10715 2026-06-13 05:16 2026-06-13 Show GitHub Exploit DB Packet Storm