Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 23, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
189211	8.8	重要 Network	マイクロソフト	-	複数の Microsoft Office 製品の数式エディタにおけるリモートでコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2018-0807	2018-01-26 11:53	2018-01-9	Show	GitHub Exploit DB Packet Storm

189212	8.8	重要 Network	マイクロソフト	-	複数の Microsoft Office 製品の数式エディタにおけるリモートでコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2018-0806	2018-01-26 11:53	2018-01-9	Show	GitHub Exploit DB Packet Storm

189213	8.8	重要 Network	マイクロソフト	-	複数の Microsoft Office 製品の数式エディタにおけるリモートでコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2018-0805	2018-01-26 11:53	2018-01-9	Show	GitHub Exploit DB Packet Storm

189214	8.8	重要 Network	マイクロソフト	-	複数の Microsoft Office 製品の数式エディタにおけるリモートでコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2018-0804	2018-01-26 11:53	2018-01-9	Show	GitHub Exploit DB Packet Storm

189215	9.8	緊急 Network	Steven Ellis	-	WordPress 用 Easy2Map プラグインにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2015-7669	2018-01-26 11:53	2015-10-4	Show	GitHub Exploit DB Packet Storm

189216	6.1	警告 Network	DWBooster	-	WordPress 用 Payment Form for PayPal Pro プラグインにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-7666	2018-01-26 11:53	2015-09-27	Show	GitHub Exploit DB Packet Storm

189217	6.1	警告 Network	Stack Ideas Private Limited.	-	Joomla! 用 StackIdeas Komento コンポーネントにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-7324	2018-01-26 11:53	2015-09-28	Show	GitHub Exploit DB Packet Storm

189218	8.1	重要 Network	phpMyBackupPro	-	phpMyBackupPro における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2015-3637	2018-01-26 11:53	2015-05-4	Show	GitHub Exploit DB Packet Storm

189219	7.5	重要 Network	Keycloak	-	JBoss KeyCloak におけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2014-3651	2018-01-26 11:53	2014-10-21	Show	GitHub Exploit DB Packet Storm

189220	7.8	重要 Local	VMware	-	VMware vCenter Server Appliance における認可・権限・アクセス制御に関する脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2017-4943	2018-01-25 17:26	2017-12-19	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 23, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1591	8.1	HIGH Network	microsoft	windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2022 windows_server_2025	Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.	CWE-190 Integer Overflow or Wraparound	CVE-2026-42974	2026-06-11 04:53	2026-06-10	Show	GitHub Exploit DB Packet Storm

1592	7.8	HIGH Local	microsoft	windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2019 windows_server_2022 windows_server_2025	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.	CWE-362 Race Condition	CVE-2026-42977	2026-06-11 04:49	2026-06-10	Show	GitHub Exploit DB Packet Storm

1593	6.5	MEDIUM Network	-	-	A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields w…	CWE-319 Cleartext Transmission of Sensitive Information	CVE-2026-9741	2026-06-11 04:43	2026-06-10	Show	GitHub Exploit DB Packet Storm

1594	7.5	HIGH Network	-	-	When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is…	CWE-1287 Improper Validation of Specified Type of Input	CVE-2026-9742	2026-06-11 04:43	2026-06-10	Show	GitHub Exploit DB Packet Storm

1595	6.5	MEDIUM Network	-	-	When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user m…	CWE-617 Reachable Assertion	CVE-2026-9746	2026-06-11 04:43	2026-06-10	Show	GitHub Exploit DB Packet Storm

1596	6.5	MEDIUM Network	-	-	This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces e…	CWE-617 Reachable Assertion	CVE-2026-9749	2026-06-11 04:43	2026-06-10	Show	GitHub Exploit DB Packet Storm

1597	6.5	MEDIUM Network	-	-	An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-wi…	CWE-476 NULL Pointer Dereference	CVE-2026-9752	2026-06-11 04:43	2026-06-10	Show	GitHub Exploit DB Packet Storm

1598	8.1	HIGH Network	-	-	The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApply…	CWE-1287 Improper Validation of Specified Type of Input	CVE-2026-9753	2026-06-11 04:43	2026-06-10	Show	GitHub Exploit DB Packet Storm

1599	6.5	MEDIUM Network	-	-	An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command	CWE-457 Use of Uninitialized Variable	CVE-2026-9754	2026-06-11 04:43	2026-06-10	Show	GitHub Exploit DB Packet Storm

1600	5.4	MEDIUM Network	microsoft	sharepoint_server	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.	CWE-79 Cross-site Scripting	CVE-2026-45479	2026-06-11 04:42	2026-06-10	Show	GitHub Exploit DB Packet Storm