Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 28, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
189221 4.8 警告
Network 		Advanced Real Estate Script project - Online Ticket Booking におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-5076 2018-02-1 16:16 2018-01-3 Show GitHub Exploit DB Packet Storm
189222 6.8 警告
Network 		Advanced Real Estate Script project - Online Ticket Booking におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2018-5073 2018-02-1 16:16 2018-01-3 Show GitHub Exploit DB Packet Storm
189223 9.8 緊急
Network 		日本電気
日立
Apache Software Foundation		 - Apache httpd におけるバッファエラーの脆弱性 CWE-119
バッファエラー 		CVE-2017-7679 2018-02-1 14:32 2017-06-20 Show GitHub Exploit DB Packet Storm
189224 9.8 緊急
Network 		日本電気
日立
Apache Software Foundation		 - Apache httpd における認証に関する脆弱性 CWE-287
不適切な認証 		CVE-2017-3167 2018-02-1 14:32 2017-06-20 Show GitHub Exploit DB Packet Storm
189225 6.8 警告
Adjacent 		日本電気
富士通
openSUSE project
Canonical
w1.fi
Debian
FreeBSD
SUSE
レッドハット		 - Wi-Fi Protected Access における Station-To-Station-Link Transient Key を再インストールされる脆弱性 CWE-254
セキュリティ機能 		CVE-2017-13084 2018-02-1 14:03 2017-10-16 Show GitHub Exploit DB Packet Storm
189226 7.5 重要
Network 		アドビシステムズ
レッドハット		 - Adobe Flash Player における重要な情報を漏えいされる脆弱性 CWE-125
境界外読み取り 		CVE-2018-4871 2018-02-1 13:58 2018-01-9 Show GitHub Exploit DB Packet Storm
189227 6.5 警告
Network 		マイクロソフト - Microsoft Office 2016 for Mac における巧妙に細工された電子メール添付ファイルをユーザに送信される脆弱性 CWE-284
不適切なアクセス制御 		CVE-2018-0819 2018-02-1 12:06 2018-01-9 Show GitHub Exploit DB Packet Storm
189228 5.4 警告
Network 		オラクル - Oracle PeopleSoft Products の PeopleSoft Enterprise SCM eProcurement における Manage Requisition Status に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2018-2731 2018-02-1 12:05 2018-01-16 Show GitHub Exploit DB Packet Storm
189229 6.4 警告
Network 		オラクル - Oracle Retail Applications の Oracle Retail Merchandising System における Cross Pillar に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2018-2730 2018-02-1 12:05 2018-01-16 Show GitHub Exploit DB Packet Storm
189230 6.5 警告
Network 		オラクル - Oracle PeopleSoft Products の PeopleSoft Enterprise FSCM における Strategic Sourcing に関する脆弱性 CWE-200
情報漏えい 		CVE-2018-2702 2018-02-1 12:05 2018-01-16 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 28, 2026, 4:01 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2291 8.6 HIGH
Network 		- - In Spring AI Vector Stores, special characters could be used to force the execution of arbitrary queries in Elasticsearch, OpenSearch, and GemFire VectorDB. Affected components: spring-ai-elasticsear… CWE-943
 Improper Neutralization of Special Elements in Data Query Logic 		CVE-2026-47835 2026-06-17 00:23 2026-06-16 Show GitHub Exploit DB Packet Storm
2292 8.6 HIGH
Network 		- - Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Af… CWE-346
 Origin Validation Error 		CVE-2026-47825 2026-06-17 00:23 2026-06-16 Show GitHub Exploit DB Packet Storm
2293 8.8 HIGH
Adjacent 		- - A stack-based buffer overflow vulnerability in the CGI program of Zyxel GS1900-48HPv2 firmware versions through 2.90(ABTQ.1)C0 could allow a LAN-based, unauthenticated attacker to exploit the flaw an… CWE-121
Stack-based Buffer Overflow 		CVE-2026-7273 2026-06-17 00:23 2026-06-16 Show GitHub Exploit DB Packet Storm
2294 6.3 MEDIUM
Local 		- - On Xtensa targets with CONFIG_USERSPACE and CONFIG_XTENSA_MMU, the page-table code (arch/xtensa/core/ptables.c) maintains a global list, xtensa_domain_list, of active memory domains using a list node… CWE-416
 Use After Free 		CVE-2026-10635 2026-06-17 00:23 2026-06-16 Show GitHub Exploit DB Packet Storm
2295 3.7 LOW
Network 		- - In Zephyr's IPv4 IGMP implementation, igmp_send() in subsys/net/ip/igmp.c read the network interface back out of the packet via net_pkt_iface(pkt) after the packet had been handed to net_send_data().… CWE-416
 Use After Free 		CVE-2026-10636 2026-06-17 00:23 2026-06-17 Show GitHub Exploit DB Packet Storm
2296 5.9 MEDIUM
Adjacent 		- - subsys/net/ip/ipv6_mld.c:mld_send() read the packet interface via net_pkt_iface(pkt) after net_send_data(pkt) returned successfully. Per the network stack's ownership contract (include/zephyr/net/net… CWE-416
 Use After Free 		CVE-2026-10637 2026-06-17 00:23 2026-06-17 Show GitHub Exploit DB Packet Storm
2297 5.9 MEDIUM
Network 		- - subsys/net/ip/icmpv6.c reads the network interface from a net_pkt after that packet has been handed to net_try_send_data(). In icmpv6_handle_echo_request() and net_icmpv6_send_error(), the post-send … CWE-416
 Use After Free 		CVE-2026-10638 2026-06-17 00:23 2026-06-17 Show GitHub Exploit DB Packet Storm
2298 4.8 MEDIUM
Network 		- - In Zephyr's native IPv4 stack, icmpv4_handle_echo_request() in subsys/net/ip/icmpv4.c builds an echo-reply packet (reply), hands it to net_try_send_data(), and then, on success, calls net_stats_updat… CWE-416
 Use After Free 		CVE-2026-10639 2026-06-17 00:23 2026-06-17 Show GitHub Exploit DB Packet Storm
2299 4.2 MEDIUM
Adjacent 		- - Zephyr's IPv6 Neighbor Discovery send paths (net_ipv6_send_na, net_ipv6_send_ns, net_ipv6_send_rs in subsys/net/ip/ipv6_nbr.c) updated the per-interface ICMP-sent statistics by calling net_pkt_iface(… CWE-416
 Use After Free 		CVE-2026-10640 2026-06-17 00:23 2026-06-17 Show GitHub Exploit DB Packet Storm
2300 5.3 MEDIUM
Network 		- - The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user i… CWE-862
 Missing Authorization 		CVE-2026-6964 2026-06-17 00:22 2026-06-16 Show GitHub Exploit DB Packet Storm