Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":July 1, 2026, 10 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
190001 8.8 重要
Network
Apache Software Foundation - Apache Fineract における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2017-5663 2018-01-29 13:45 2017-12-13 Show GitHub Exploit DB Packet Storm
190002 9.8 緊急
Network
Change Healthcare Company - Conserus Image Repository における XML 外部エンティティの脆弱性 CWE-611
XML 外部エンティティ参照の不適切な制限
CVE-2017-14101 2018-01-29 13:45 2017-12-12 Show GitHub Exploit DB Packet Storm
190003 5.3 警告
Network
Phusion - Phusion Passenger における情報漏えいに関する脆弱性 CWE-200
情報漏えい
CVE-2017-16355 2018-01-29 13:45 2017-10-11 Show GitHub Exploit DB Packet Storm
190004 9.8 緊急
Network
Hangzhou Xiongmai Technology Co.,LTD. - Xiongmai Technology IP Camera および DVR におけるバッファエラーの脆弱性 CWE-119
バッファエラー
CVE-2017-16725 2018-01-29 12:27 2017-12-7 Show GitHub Exploit DB Packet Storm
190005 6.1 警告
Network
PHP Scripts Mall Pvt Ltd - Readymade Video Sharing Script におけるコードインジェクションの脆弱性 CWE-94
コード・インジェクション
CVE-2017-17649 2018-01-29 12:17 2017-12-13 Show GitHub Exploit DB Packet Storm
190006 7.5 重要
Network
Huawei - 複数の Huawei 製品における境界外読み取りに関する脆弱性 CWE-125
境界外読み取り
CVE-2017-15317 2018-01-29 12:06 2017-12-6 Show GitHub Exploit DB Packet Storm
190007 7.5 重要
Network
LiveQoS - SuperBeam における暗号に関する脆弱性 CWE-310
暗号の問題
CVE-2017-17763 2018-01-29 11:58 2017-08-18 Show GitHub Exploit DB Packet Storm
190008 9.8 緊急
Network
iChano Incorporation. - iChano AtHome IP Camera デバイスにおけるコマンドインジェクションの脆弱性 CWE-77
コマンドインジェクション
CVE-2017-17761 2018-01-29 11:58 2017-12-19 Show GitHub Exploit DB Packet Storm
190009 9.8 緊急
Network
Zivif. - Zivif Web カメラにおけるハードコードされた認証情報の使用に関する脆弱性 CWE-798
ハードコードされた認証情報の使用
CVE-2017-17107 2018-01-29 11:58 2017-12-5 Show GitHub Exploit DB Packet Storm
190010 9.8 緊急
Network
Zivif. - Zivif Web カメラにおける証明書・パスワードの管理に関する脆弱性 CWE-255
証明書・パスワード管理
CVE-2017-17106 2018-01-29 11:58 2017-12-5 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:July 1, 2026, 4:27 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1391 6.5 MEDIUM
Network
- - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's tool… CWE-862
 Missing Authorization
CVE-2026-54027 2026-06-27 01:16 2026-06-26 Show GitHub Exploit DB Packet Storm
1392 7.7 HIGH
Network
- - A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization misma… CWE-176
 Improper Handling of Unicode Encoding
CVE-2026-48618 2026-06-27 01:16 2026-06-26 Show GitHub Exploit DB Packet Storm
1393 7.1 HIGH
Network
- - Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. Prior to 2.94.0, the HTML backend has unsafe URI and path handling. This… CWE-73
CWE-400
 External Control of File Name or Path
 Uncontrolled Resource Consumption
CVE-2026-47214 2026-06-27 01:16 2026-06-27 Show GitHub Exploit DB Packet Storm
1394 - - - rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.32.0, RTK (Rust Token Killer) improperly trusts project-local configuration files. RTK automatically loads .r… CWE-345
CWE-426
 Insufficient Verification of Data Authenticity
 Untrusted Search Path
CVE-2026-45792 2026-06-27 01:16 2026-06-24 Show GitHub Exploit DB Packet Storm
1395 6.5 MEDIUM
Network
- - The Groundhogg — CRM, Newsletters, and Marketing Automation plugin for WordPress is vulnerable to generic SQL Injection via the 'after' parameter in all versions up to, and including, 4.5.4 due to in… CWE-89
SQL Injection
CVE-2026-13226 2026-06-27 01:16 2026-06-26 Show GitHub Exploit DB Packet Storm
1396 6.5 MEDIUM
Network
- - Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions. CWE-79
Cross-site Scripting
CVE-2025-68074 2026-06-27 01:16 2026-06-27 Show GitHub Exploit DB Packet Storm
1397 7.5 HIGH
Network
- - Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions. CWE-98
 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-68064 2026-06-27 01:16 2026-06-27 Show GitHub Exploit DB Packet Storm
1398 5.3 MEDIUM
Network
- - Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. CWE-862
 Missing Authorization
CVE-2025-64636 2026-06-27 01:16 2026-06-27 Show GitHub Exploit DB Packet Storm
1399 4.3 MEDIUM
Network
- - Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions. CWE-862
 Missing Authorization
CVE-2025-63079 2026-06-27 01:16 2026-06-27 Show GitHub Exploit DB Packet Storm
1400 5.4 MEDIUM
Network
- - The Mattermost Go module github.com/mattermost/mattermost/server/public versions < v0.1.22 fail to validate path parameters when constructing API route paths which allows an attacker to redirect API … CWE-22
Path Traversal
CVE-2026-13426 2026-06-27 01:12 2026-06-26 Show GitHub Exploit DB Packet Storm