Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":July 1, 2026, 2:01 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
190001 8.2 重要
Local
オラクル - Oracle Virtualization の Oracle VM VirtualBox における Guest Additions に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2693 2018-01-31 17:02 2018-01-16 Show GitHub Exploit DB Packet Storm
190002 8.6 重要
Local
オラクル - Oracle Virtualization の Oracle VM VirtualBox における Core に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2690 2018-01-31 17:02 2018-01-16 Show GitHub Exploit DB Packet Storm
190003 8.6 重要
Local
オラクル - Oracle Virtualization の Oracle VM VirtualBox における Core に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2689 2018-01-31 17:02 2018-01-16 Show GitHub Exploit DB Packet Storm
190004 8.6 重要
Local
オラクル - Oracle Virtualization の Oracle VM VirtualBox における Core に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2688 2018-01-31 17:02 2018-01-16 Show GitHub Exploit DB Packet Storm
190005 8.6 重要
Local
オラクル - Oracle Virtualization の Oracle VM VirtualBox における Core に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2687 2018-01-31 17:02 2018-01-16 Show GitHub Exploit DB Packet Storm
190006 8.6 重要
Local
オラクル - Oracle Virtualization の Oracle VM VirtualBox における Core に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2686 2018-01-31 17:02 2018-01-16 Show GitHub Exploit DB Packet Storm
190007 8.6 重要
Local
オラクル - Oracle Virtualization の Oracle VM VirtualBox における Core に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2685 2018-01-31 17:02 2018-01-16 Show GitHub Exploit DB Packet Storm
190008 8.2 重要
Local
オラクル - Oracle Virtualization の Oracle VM VirtualBox における Core に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2676 2018-01-31 17:02 2018-01-16 Show GitHub Exploit DB Packet Storm
190009 7.5 重要
Network
オラクル - Oracle Support Tools の OSS Support Tools における Diagnostic Assistant に関する脆弱性 CWE-200
情報漏えい
CVE-2018-2617 2018-01-31 16:15 2018-01-16 Show GitHub Exploit DB Packet Storm
190010 8.8 重要
Network
オラクル - Oracle Support Tools の OSS Support Tools における Diagnostic Assistant に関する脆弱性 CWE-284
不適切なアクセス制御
CVE-2018-2616 2018-01-31 16:15 2018-01-16 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:July 1, 2026, 4:27 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1571 9.3 CRITICAL
Network
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5. CWE-89
SQL Injection
CVE-2026-54836 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1572 7.4 HIGH
Network
- - Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions. CWE-201
 Insertion of Sensitive Information Into Sent Data
CVE-2026-54821 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1573 9.9 CRITICAL
Network
- - SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view (database) cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, … CWE-79
CWE-1188
Cross-site Scripting
 Insecure Default Initialization of Resource
CVE-2026-54158 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1574 6.1 MEDIUM
Local
- - Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath() enforces workspace roots by check… CWE-22
CWE-59
Path Traversal
Link Following
CVE-2026-53766 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1575 - - - Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone (<LFS-root>/<oid[0]>/<oid[1]>/<oid>) but per-repo authorization lives in the lfs_obj… CWE-345
CWE-639
CWE-862
 Insufficient Verification of Data Authenticity
 Authorization Bypass Through User-Controlled Key
 Missing Authorization
CVE-2026-52812 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1576 9.8 CRITICAL
Network
cacti cacti Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The esc… CWE-78
CWE-88
OS Command 
Argument Injection
CVE-2026-40079 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1577 5.3 MEDIUM
Network
cacti cacti Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This issue has been fixed … CWE-22
Path Traversal
CVE-2026-39899 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1578 7.3 HIGH
Local
- - A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve … CWE-61
 UNIX Symbolic Link (Symlink) Following
CVE-2026-13201 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1579 6.5 MEDIUM
Network
- - The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied … CWE-89
SQL Injection
CVE-2026-12079 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1580 6.5 MEDIUM
Network
- - A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding API credentials (api_key and api_secret) into … CWE-532
 Inclusion of Sensitive Information in Log Files
CVE-2026-11820 2026-06-26 09:16 2026-06-24 Show GitHub Exploit DB Packet Storm