Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":July 1, 2026, 2:01 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
189981 7.5 重要
Network
オラクル - Oracle Hospitality Applications の Oracle Hospitality Simphony における Enterprise Server に関する脆弱性 CWE-200
情報漏えい
CVE-2018-2589 2018-01-31 17:58 2018-01-16 Show GitHub Exploit DB Packet Storm
189982 8.1 重要
Network
オラクル - Oracle Financial Services Applications の Oracle Financial Services Hedge Management and IFRS Valuations における User Interface に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2725 2018-01-31 17:14 2018-01-16 Show GitHub Exploit DB Packet Storm
189983 8.1 重要
Network
オラクル - Oracle Financial Services Applications の Oracle Financial Services Loan Loss Forecasting and Provisioning における User Interface に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2724 2018-01-31 17:13 2018-01-16 Show GitHub Exploit DB Packet Storm
189984 8.1 重要
Network
オラクル - Oracle Financial Services Applications の Oracle Financial Services Liquidity Risk Management における User Interface に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2720 2018-01-31 17:13 2018-01-16 Show GitHub Exploit DB Packet Storm
189985 6.1 警告
Network
オラクル - Oracle Financial Services Applications の Oracle Financial Services Hedge Management and IFRS Valuations における User Interface に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2719 2018-01-31 17:13 2018-01-16 Show GitHub Exploit DB Packet Storm
189986 6.1 警告
Network
オラクル - Oracle Financial Services Applications の Oracle Financial Services Market Risk における User Interface に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2714 2018-01-31 17:13 2018-01-16 Show GitHub Exploit DB Packet Storm
189987 6.1 警告
Network
オラクル - Oracle Financial Services Applications の Oracle Financial Services Loan Loss Forecasting and Provisioning における User Interface に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2712 2018-01-31 17:13 2018-01-16 Show GitHub Exploit DB Packet Storm
189988 6.1 警告
Network
オラクル - Oracle Financial Services Applications の Oracle Financial Services Liquidity Risk Management における User Interface に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2682 2018-01-31 17:13 2018-01-16 Show GitHub Exploit DB Packet Storm
189989 8.1 重要
Network
オラクル - Oracle Financial Services Applications の Oracle Financial Services Profitability Management における User Interface に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2679 2018-01-31 17:13 2018-01-16 Show GitHub Exploit DB Packet Storm
189990 6.1 警告
Network
オラクル - Oracle JD Edwards Products の JD Edwards EnterpriseOne Tools における Web Runtime SEC に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2659 2018-01-31 17:05 2018-01-16 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:July 1, 2026, 4:27 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2231 8.2 HIGH
Network
- - Joomla! Component My Projects 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the VerAyari param… CWE-89
SQL Injection
CVE-2017-20253 2026-06-24 03:17 2026-06-20 Show GitHub Exploit DB Packet Storm
2232 5.5 MEDIUM
Local
- - NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization check… CWE-602
 Client-Side Enforcement of Server-Side Security
CVE-2026-56693 2026-06-24 02:58 2026-06-24 Show GitHub Exploit DB Packet Storm
2233 5.4 MEDIUM
Network
- - OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted r… CWE-862
 Missing Authorization
CVE-2026-56696 2026-06-24 02:58 2026-06-24 Show GitHub Exploit DB Packet Storm
2234 6.1 MEDIUM
Network
flowiseai flowise Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScrip… CWE-80
Basic XSS
CVE-2025-71331 2026-06-24 02:53 2026-06-21 Show GitHub Exploit DB Packet Storm
2235 8.2 HIGH
Network
messagepack messagepack MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4… CWE-20
 Improper Input Validation 
CVE-2026-48109 2026-06-24 02:25 2026-06-23 Show GitHub Exploit DB Packet Storm
2236 7.5 HIGH
Network
messagepack messagepack MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can allocate stack memory based on an attacker-controlled MessagePack extension len… CWE-125
CWE-190
CWE-407
CWE-409
CWE-470
CWE-502
CWE-674
CWE-789
CWE-1188
Out-of-bounds Read
 Integer Overflow or Wraparound
 Inefficient Algorithmic Complexity
 Improper Handling of Highly Compressed Data (Data Amplification)
Unsafe Reflection
 Deserialization of Untrusted Data
 Uncontrolled Recursion
 Memory Allocation with Excessive Size Value
 Insecure Default Initialization of Resource
CVE-2026-48502 2026-06-24 02:25 2026-06-23 Show GitHub Exploit DB Packet Storm
2237 7.5 HIGH
Network
messagepack messagepack MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip() recursively descends into nested arrays and maps without incrementing the reader depth o… CWE-674
 Uncontrolled Recursion
CVE-2026-48506 2026-06-24 02:24 2026-06-23 Show GitHub Exploit DB Packet Storm
2238 8.1 HIGH
Network
- - piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename option via plain member access. Both reads fall through… CWE-94
CWE-1321
Code Injection
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2026-55388 2026-06-24 02:17 2026-06-23 Show GitHub Exploit DB Packet Storm
2239 6.1 MEDIUM
Network
astro astro Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolate… CWE-79
Cross-site Scripting
CVE-2026-54298 2026-06-24 02:17 2026-06-23 Show GitHub Exploit DB Packet Storm
2240 - - - AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This… CWE-200
CWE-522
Information Exposure
 Insufficiently Protected Credentials
CVE-2026-54276 2026-06-24 02:17 2026-06-23 Show GitHub Exploit DB Packet Storm