Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 6, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
190461 7 重要
Local 		IBM - IBM Security SiteProtector System における認可・権限・アクセス制御に関する脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2015-0162 2017-10-12 17:15 2015-04-8 Show GitHub Exploit DB Packet Storm
190462 7.5 重要
Network 		EURid - YADIFA におけるリソースの枯渇に関する脆弱性 CWE-400
リソースの枯渇 		CVE-2017-14339 2017-10-12 17:15 2017-09-12 Show GitHub Exploit DB Packet Storm
190463 9.1 緊急
Network 		The Perl Foundation - Perl 5 におけるバッファエラーの脆弱性 CWE-119
バッファエラー 		CVE-2017-12883 2017-10-12 17:15 2017-09-10 Show GitHub Exploit DB Packet Storm
190464 7.8 重要
Local 		GSTN - GSTN Offline Utility tool における認可・権限・アクセス制御に関する脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2017-13779 2017-10-12 17:15 2017-09-4 Show GitHub Exploit DB Packet Storm
190465 6.7 警告
Local 		IBM - IBM Informix Dynamic Server における認可・権限・アクセス制御に関する脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2017-1508 2017-10-12 17:15 2017-09-11 Show GitHub Exploit DB Packet Storm
190466 7.2 重要
Network 		LANDesk - Landesk Management Suite における入力確認に関する脆弱性 CWE-20
不適切な入力確認 		CVE-2014-5362 2017-10-12 16:54 2015-04-16 Show GitHub Exploit DB Packet Storm
190467 7.5 重要
Network 		ZTE - ZXR10 1800-2S におけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2017-10931 2017-10-12 16:47 2017-08-10 Show GitHub Exploit DB Packet Storm
190468 9.8 緊急
Network 		ZTE - ZXR10 1800-2S におけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2017-10930 2017-10-12 16:47 2017-08-10 Show GitHub Exploit DB Packet Storm
190469 9.1 緊急
Network 		LibRaw - LibRaw における境界外読み取りに関する脆弱性 CWE-125
境界外読み取り 		CVE-2017-14608 2017-10-12 16:45 2017-09-13 Show GitHub Exploit DB Packet Storm
190470 9.8 緊急
Network 		Peter Szabo - sam2p におけるバッファエラーの脆弱性 CWE-119
バッファエラー 		CVE-2017-14631 2017-10-12 16:42 2017-09-28 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 6, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1631 6.5 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL() for DNS … CWE-367
CWE-918
 Time-of-check Time-of-use (TOCTOU) Race Condition
Server-Side Request Forgery (SSRF)  		CVE-2026-45619 2026-06-2 03:40 2026-05-29 Show GitHub Exploit DB Packet Storm
1632 5.3 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In 29.0 and earlier, objects/mention.json.php has no User::loginCheck() or admin gate. It only has an entry guard: preg_match('/^@/', $_REQUEST['term']) … CWE-204
CWE-285
 Response Discrepancy Information Exposure
Improper Authorization 		CVE-2026-45620 2026-06-2 03:39 2026-05-29 Show GitHub Exploit DB Packet Storm
1633 8.1 HIGH
Network 		n8n-mcp n8n-mcp n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.2, when ENABLE_MULTI_TENANT=true, the HTTP transport documents that th… CWE-284
Improper Access Control 		CVE-2026-45707 2026-06-2 03:39 2026-05-29 Show GitHub Exploit DB Packet Storm
1634 4.9 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() for line-by-line executi… CWE-22
Path Traversal 		CVE-2026-45731 2026-06-2 03:39 2026-05-29 Show GitHub Exploit DB Packet Storm
1635 5.3 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In 29.0 and earlier, an unauthenticated remote attacker can read arbitrary image files anywhere on disk that the PHP user can open — including private us… CWE-22
Path Traversal 		CVE-2026-46337 2026-06-2 03:39 2026-05-29 Show GitHub Exploit DB Packet Storm
1636 9.8 CRITICAL
Network 		sangoma freepbx FreePBX is an open source IP PBX. From 15.0.42 to before 16.0.45 and 17.0.7, unauthenticated users may be able to access the User Control Panel (UCP) using hard-coded initial template credentials if … CWE-798
 Use of Hard-coded Credentials 		CVE-2026-46376 2026-06-2 03:38 2026-05-29 Show GitHub Exploit DB Packet Storm
1637 5.4 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In 29.0 and earlier, AVideo stores category descriptions from user input and later renders category_description as raw HTML in the Gallery view. A user w… CWE-79
Cross-site Scripting 		CVE-2026-47694 2026-06-2 03:38 2026-05-29 Show GitHub Exploit DB Packet Storm
1638 4.3 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In 29.0 and earlier, plugin/AuthorizeNet/processPayment.json.php credits the logged-in user's wallet based only on the attacker-controlled amount POST pa… CWE-345
 Insufficient Verification of Data Authenticity 		CVE-2026-47696 2026-06-2 03:38 2026-05-29 Show GitHub Exploit DB Packet Storm
1639 - - - GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An a… CWE-94
Code Injection 		CVE-2026-45261 2026-06-2 03:38 2026-05-29 Show GitHub Exploit DB Packet Storm
1640 - - - electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bookmarks or compromised sync… CWE-94
CWE-345
CWE-494
CWE-915
Code Injection
 Insufficient Verification of Data Authenticity
 Download of Code Without Integrity Check
 Improperly Controlled Modification of Dynamically-Determined Object Attributes 		CVE-2026-45058 2026-06-2 03:38 2026-05-29 Show GitHub Exploit DB Packet Storm