Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 12, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
189181	7.8	重要 Local	Linux	-	Linux Kernel における認可・権限・アクセス制御に関する脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2017-16939	2017-12-19 16:47	2017-11-2	Show	GitHub Exploit DB Packet Storm

189182	8.8	重要 Network	SmartBear Software	-	Swagger Parser および Swagger Codegen におけるコードに関する脆弱性	CWE-17 コード	CVE-2017-1000207	2017-12-19 16:35	2017-07-15	Show	GitHub Exploit DB Packet Storm

189183	7.8	重要 Local	Huawei	-	HedEx における信頼性のない検索パスに関する脆弱性	CWE-426 信頼性のない検索パス	CVE-2017-8137	2017-12-19 16:28	2017-06-1	Show	GitHub Exploit DB Packet Storm

189184	5.5	警告 Local	Huawei	-	HedEx における情報漏えいに関する脆弱性	CWE-200 情報漏えい	CVE-2017-8136	2017-12-19 16:28	2017-06-1	Show	GitHub Exploit DB Packet Storm

189185	7.8	重要 Local	Google	-	Android の Upstream Kernel ビデオドライバにおける認可・権限・アクセス制御に関する脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2017-0863	2017-12-19 15:55	2017-11-6	Show	GitHub Exploit DB Packet Storm

189186	7.8	重要 Local	Google	-	Android の Upstream Kernel カーネルにおける認可・権限・アクセス制御に関する脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2017-0862	2017-12-19 15:55	2017-11-6	Show	GitHub Exploit DB Packet Storm

189187	5.7	警告 Local	シスコシステムズ	-	Cisco NX-OS システムソフトウェアにおける認可・権限・アクセス制御に関する脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2017-12351	2017-12-19 15:21	2017-11-29	Show	GitHub Exploit DB Packet Storm

189188	6.7	警告 Local	シスコシステムズ	-	Cisco NX-OS システムソフトウェアにおけるコマンドインジェクションの脆弱性	CWE-77 コマンドインジェクション	CVE-2017-12341	2017-12-19 15:21	2017-11-29	Show	GitHub Exploit DB Packet Storm

189189	4.2	警告 Local	シスコシステムズ	-	Cisco NX-OS システムソフトウェアにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2017-12340	2017-12-19 15:21	2017-11-29	Show	GitHub Exploit DB Packet Storm

189190	5.7	警告 Local	シスコシステムズ	-	Cisco NX-OS システムソフトウェアにおけるコマンドインジェクションの脆弱性	CWE-77 コマンドインジェクション	CVE-2017-12339	2017-12-19 15:21	2017-11-29	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 12, 2026, 4:20 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
71	6.5	MEDIUM Adjacent	-	-	aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the pa… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-47157	2026-06-12 03:16	2026-06-12	Show	GitHub Exploit DB Packet Storm

72	5.3	MEDIUM Network	-	-	Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.9, Fediverse Embeds registered the unauthenticated AJAX action wp_ajax_nopriv_ftf_get_site_info (includes/Site_Info.ph… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-46698	2026-06-12 03:16	2026-06-12	Show	GitHub Exploit DB Packet Storm

73	7.5	HIGH Network	-	-	Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST route ftf/media-proxy (includes/Media_Proxy.php) with permissio… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-46697	2026-06-12 03:16	2026-06-12	Show	GitHub Exploit DB Packet Storm

74	7.5	HIGH Network	-	-	Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the 1.x line build a regular expression from the configured XSRF co… New	CWE-400 CWE-1333 Uncontrolled Resource Consumption Inefficient Regular Expression Complexity	CVE-2026-44496	2026-06-12 03:16	2026-06-12	Show	GitHub Exploit DB Packet Storm

75	8.7	HIGH Network	-	-	Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototyp… New	CWE-441 CWE-1321 Confused Deputy Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	CVE-2026-44494	2026-06-12 03:16	2026-06-12	Show	GitHub Exploit DB Packet Storm

76	4.8	MEDIUM Network	-	-	Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream… New	CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	CVE-2026-44490	2026-06-12 03:16	2026-06-12	Show	GitHub Exploit DB Packet Storm

77	-		-	-	A remote unauthenticated attacker may be able to conduct credential-guessing attacks against user accounts in Sonatype Nexus Repository via authentication endpoints. New	CWE-307 mproper Restriction of Excessive Authentication Attempts	CVE-2026-3329	2026-06-12 03:16	2026-06-12	Show	GitHub Exploit DB Packet Storm

78	4.9	MEDIUM Network	-	-	A flaw was found in the admin-ui-ext component of Keycloak, which provides extended administrative user interface capabilities. The issue occurs because certain bulk role-removal endpoints fail to pe… New	CWE-425 Direct Request ('Forced Browsing')	CVE-2026-11986	2026-06-12 03:16	2026-06-12	Show	GitHub Exploit DB Packet Storm

79	8.8	HIGH Local	espressif	esp-idf	ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_servi… New	CWE-20 CWE-787 Improper Input Validation Out-of-bounds Write	CVE-2026-45328	2026-06-12 03:15	2026-06-10	Show	GitHub Exploit DB Packet Storm

80	7.5	HIGH Network	espressif	esp-idf	ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation pa… New	CWE-476 NULL Pointer Dereference	CVE-2026-45541	2026-06-12 03:05	2026-06-10	Show	GitHub Exploit DB Packet Storm