Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
192971 7.8 重要
Local 		freedesktop.org - Poppler における NULL ポインタデリファレンスに関する脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2017-15565 2017-11-2 11:55 2017-10-12 Show GitHub Exploit DB Packet Storm
192972 9.8 緊急
Network 		Fiyo CMS - Fiyo CMS におけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2014-9148 2017-11-2 11:51 2014-11-29 Show GitHub Exploit DB Packet Storm
192973 7.5 重要
Network 		Fiyo CMS - Fiyo CMS における情報漏えいに関する脆弱性 CWE-200
情報漏えい 		CVE-2014-9147 2017-11-2 11:51 2014-11-29 Show GitHub Exploit DB Packet Storm
192974 5.5 警告
Local 		Umbraco - Umbraco CMS における XML 外部エンティティの脆弱性 CWE-611
XML 外部エンティティ参照の不適切な制限 		CVE-2017-15280 2017-11-2 11:50 2017-10-6 Show GitHub Exploit DB Packet Storm
192975 5.4 警告
Network 		Umbraco - Umbraco CMS におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2017-15279 2017-11-2 11:50 2017-10-6 Show GitHub Exploit DB Packet Storm
192976 7.5 重要
Network 		Fabrice Bellard - QEMU におけるリソース管理に関する脆弱性 CWE-399
リソース管理の問題 		CVE-2017-15268 2017-11-2 11:50 2017-10-17 Show GitHub Exploit DB Packet Storm
192977 6.1 警告
Network 		NexusPHP project - NexusPHP における クロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2017-15305 2017-11-2 11:45 2017-10-14 Show GitHub Exploit DB Packet Storm
192978 9.8 緊急
Network 		Store Locator project - WordPress 用 Store Locator プラグインにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2014-8621 2017-11-2 11:41 2014-11-5 Show GitHub Exploit DB Packet Storm
192979 6.1 警告
Network 		post highlights project - WordPress 用 post highlights プラグインにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2014-8087 2017-11-2 11:41 2014-11-3 Show GitHub Exploit DB Packet Storm
192980 7.5 重要
Network 		GNU Project - GNU Libextractor における NULL ポインタデリファレンスに関する脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2017-15267 2017-11-2 11:40 2017-10-9 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 30, 2026, 4:22 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
811 8.8 HIGH
Network 		jenkins official_owasp_zap Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary c… New CWE-610
Externally Controlled Reference to a Resource in Another Sphere 		CVE-2026-57301 2026-06-27 04:06 2026-06-24 Show GitHub Exploit DB Packet Storm
812 4.3 MEDIUM
Network 		jenkins fitnesse Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to t… New CWE-256
Plaintext Storage of a Password  		CVE-2026-57302 2026-06-27 04:05 2026-06-24 Show GitHub Exploit DB Packet Storm
813 4.2 MEDIUM
Network 		jenkins zowe_zdevops A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified… New CWE-352
 Origin Validation Error 		CVE-2026-57306 2026-06-27 04:05 2026-06-24 Show GitHub Exploit DB Packet Storm
814 4.2 MEDIUM
Network 		jenkins zowe_zdevops A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-spe… New CWE-862
 Missing Authorization 		CVE-2026-57307 2026-06-27 04:05 2026-06-24 Show GitHub Exploit DB Packet Storm
815 7.5 HIGH
Network 		shell-quote_project shell-quote shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a resu… New CWE-407
 Inefficient Algorithmic Complexity 		CVE-2026-13311 2026-06-27 04:03 2026-06-25 Show GitHub Exploit DB Packet Storm
816 2.6 LOW
Network 		nokogiri nokogiri Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-… New CWE-178
CWE-184
CWE-611
 Improper Handling of Case Sensitivity
 Incomplete Blacklist
XXE 		CVE-2026-57234 2026-06-27 04:03 2026-06-26 Show GitHub Exploit DB Packet Storm
817 8.1 HIGH
Network 		librechat librechat LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user (or attacker with a stolen… New CWE-306
Missing Authentication for Critical Function 		CVE-2026-54036 2026-06-27 04:02 2026-06-26 Show GitHub Exploit DB Packet Storm
818 8.8 HIGH
Network 		dokku dokku Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filen… New CWE-95
Eval Injection 		CVE-2026-45406 2026-06-27 04:01 2026-06-27 Show GitHub Exploit DB Packet Storm
819 5.5 MEDIUM
Local 		freebsd freebsd When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The … New CWE-269
 Improper Privilege Management 		CVE-2026-45256 2026-06-27 03:58 2026-06-27 Show GitHub Exploit DB Packet Storm
820 7.5 HIGH
Network 		apache apache-airflow-providers-ftp The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was tran… New CWE-319
Cleartext Transmission of Sensitive Information 		CVE-2026-49486 2026-06-27 03:58 2026-06-26 Show GitHub Exploit DB Packet Storm