Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 11, 2026, 6:13 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
189231 6.1 警告
Network 		Mikko Saari - Relevanssi におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2017-1000225 2017-12-8 18:24 2017-02-28 Show GitHub Exploit DB Packet Storm
189232 7.8 重要
Local 		OptiPNG - OptiPNG における整数オーバーフローの脆弱性 CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2017-1000229 2017-12-8 18:12 2017-11-19 Show GitHub Exploit DB Packet Storm
189233 5.4 警告
Network 		Vonage - Vonage VDV-23 デバイスにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2017-16843 2017-12-8 18:04 2017-11-16 Show GitHub Exploit DB Packet Storm
189234 8.8 重要
Network 		NetApp - NetApp SnapCenter Server におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2017-15516 2017-12-8 17:59 2017-11-14 Show GitHub Exploit DB Packet Storm
189235 6.6 警告
Network 		UpdraftPlus.Com - WordPress 用 UpdraftPlus プラグインにおけるコードインジェクションの脆弱性 CWE-94
コード・インジェクション 		CVE-2017-16871 2017-12-8 17:58 2017-11-29 Show GitHub Exploit DB Packet Storm
189236 6.6 警告
Network 		UpdraftPlus.Com - WordPress 用 UpdraftPlus プラグインにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2017-16870 2017-12-8 17:58 2017-11-29 Show GitHub Exploit DB Packet Storm
189237 8.8 重要
Network 		libbpg - libbpg などの製品におけるバッファエラーの脆弱性 CWE-119
バッファエラー 		CVE-2017-14034 2017-12-8 17:56 2017-11-16 Show GitHub Exploit DB Packet Storm
189238 8.8 重要
Network 		libbpg - libbpg における整数オーバーフローの脆弱性 CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2017-13136 2017-12-8 17:56 2017-11-16 Show GitHub Exploit DB Packet Storm
189239 7.8 重要
Local 		Google - Android の Linux Kernel における認可・権限・アクセス制御に関する脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2017-0861 2017-12-8 17:55 2017-11-6 Show GitHub Exploit DB Packet Storm
189240 7.8 重要
Local 		Google - Android におけるバッファエラーの脆弱性 CWE-119
バッファエラー 		CVE-2017-9719 2017-12-8 17:55 2017-11-6 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 12, 2026, 4:20 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
131 7.8 HIGH
Local 		microsoft windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2025 		Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. New CWE-416
 Use After Free 		CVE-2026-42983 2026-06-12 01:54 2026-06-10 Show GitHub Exploit DB Packet Storm
132 7.5 HIGH
Network 		vmware spring_framework IDs for WebSocket sessions in the spring-websocket module are not cryptographically unpredictable, which may be possible to exploit in combination with inadequate authorization rules. Affected versi… New CWE-330
 Use of Insufficiently Random Values 		CVE-2026-41838 2026-06-12 01:53 2026-06-9 Show GitHub Exploit DB Packet Storm
133 7.8 HIGH
Local 		microsoft windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2025 		Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. New CWE-125
Out-of-bounds Read 		CVE-2026-42837 2026-06-12 01:51 2026-06-10 Show GitHub Exploit DB Packet Storm
134 6.1 MEDIUM
Network 		vmware spring_framework A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an ar… New CWE-601
Open Redirect 		CVE-2026-41844 2026-06-12 01:19 2026-06-9 Show GitHub Exploit DB Packet Storm
135 6.5 MEDIUM
Network 		microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w… 		Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network. New CWE-476
 NULL Pointer Dereference 		CVE-2026-42903 2026-06-12 01:17 2026-06-10 Show GitHub Exploit DB Packet Storm
136 - - - openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details fro… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-8406 2026-06-12 01:16 2026-06-11 Show GitHub Exploit DB Packet Storm
137 8.8 HIGH
Network 		- - IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. New CWE-427
 Uncontrolled Search Path Element 		CVE-2026-7870 2026-06-12 01:16 2026-06-12 Show GitHub Exploit DB Packet Storm
138 7.5 HIGH
Network 		- - IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-7787 2026-06-12 01:16 2026-06-12 Show GitHub Exploit DB Packet Storm
139 8.8 HIGH
Network 		- - Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template inj… New CWE-94
Code Injection 		CVE-2026-50223 2026-06-12 01:16 2026-06-11 Show GitHub Exploit DB Packet Storm
140 8.6 HIGH
Network 		- - Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validati… New CWE-918
CWE-1286
CWE-1389
Server-Side Request Forgery (SSRF) 
 Improper Validation of Syntactic Correctness of Input 		CVE-2026-50131 2026-06-12 01:16 2026-06-11 Show GitHub Exploit DB Packet Storm