Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 13, 2026, noon

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
193761 5.3 警告
Network 		MantisBT Group - MantisBT における情報漏えいに関する脆弱性 CWE-200
情報漏えい 		CVE-2015-5059 2017-09-1 13:52 2015-06-24 Show GitHub Exploit DB Packet Storm
193762 5.5 警告
Local 		divfix - DivFix++ における境界外書き込みに関する脆弱性 CWE-787
境界外書き込み 		CVE-2017-11330 2017-09-1 13:52 2017-07-30 Show GitHub Exploit DB Packet Storm
193763 5.5 警告
Local 		Nosefart project - Nosefart における境界外読み取りに関する脆弱性 CWE-125
境界外読み取り 		CVE-2017-11119 2017-09-1 13:52 2017-07-30 Show GitHub Exploit DB Packet Storm
193764 9.8 緊急
Network 		Papendorf Software Engineering GmbH - SOL.Connect ISET-mpp meter における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2017-11494 2017-09-1 13:52 2017-08-1 Show GitHub Exploit DB Packet Storm
193765 7.5 重要
Network 		Sendio, Inc. - Sendio におけるファイルおよびディレクトリ情報の漏えいに関する脆弱性 CWE-538
ファイルおよびディレクトリ情報の漏えい 		CVE-2016-10399 2017-09-1 13:50 2017-05-30 Show GitHub Exploit DB Packet Storm
193766 4.9 警告
Network 		GLPI-PROJECT.ORG - GLPI における入力確認に関する脆弱性 CWE-20
不適切な入力確認 		CVE-2017-11183 2017-09-1 13:44 2017-07-13 Show GitHub Exploit DB Packet Storm
193767 5.5 警告
Local 		Twibright Labs - Twibright Links における境界外読み取りに関する脆弱性 CWE-125
境界外読み取り 		CVE-2017-11114 2017-09-1 13:44 2017-07-30 Show GitHub Exploit DB Packet Storm
193768 7.5 重要
Network 		Christian Schramm - shoco における境界外読み取りに関する脆弱性 CWE-125
境界外読み取り 		CVE-2017-11367 2017-09-1 12:30 2017-02-22 Show GitHub Exploit DB Packet Storm
193769 6.5 警告
Network 		heinekingmedia GmbH - heinekingmedia StashCat における鍵管理のエラーに関する脆弱性 CWE-320
鍵管理のエラー 		CVE-2017-11136 2017-09-1 11:46 2017-07-31 Show GitHub Exploit DB Packet Storm
193770 7.5 重要
Network 		heinekingmedia GmbH - heinekingmedia StashCat における認可に関する脆弱性 CWE-285
不適切な認可 		CVE-2017-11135 2017-09-1 11:46 2017-07-31 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 13, 2026, 4:20 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
3361 8.8 HIGH
Network 		sangoma freepbx FreePBX is an open source IP PBX. Prior to 16.0.50 and 17.0.11, the CDR Reports module page allows SQL injection through the order and sort POST parameters. Authentication with a FreePBX Administrati… CWE-89
SQL Injection 		CVE-2026-44238 2026-06-2 03:41 2026-05-29 Show GitHub Exploit DB Packet Storm
3362 8.8 HIGH
Network 		sangoma freepbx FreePBX is an open source IP PBX. Prior to 16.0.22 and 17.0.5, the Dashboard module's getcontent AJAX handler includes PHP files based on user-supplied input without path sanitization. The $_REQUEST[… CWE-98
 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 		CVE-2026-44239 2026-06-2 03:41 2026-05-29 Show GitHub Exploit DB Packet Storm
3363 9.8 CRITICAL
Network 		- - Marten is a .NET Transactional Document DB and Event Store on PostgreSQL. Prior to 8.36.1, Marten's full-text search APIs interpolated the user-supplied regConfig parameter directly into the generate… CWE-89
SQL Injection 		CVE-2026-45288 2026-06-2 03:41 2026-05-29 Show GitHub Exploit DB Packet Storm
3364 7.3 HIGH
Network 		- - Better Auth is an authentication and authorization library for TypeScript. Prior to 1.4.17 and 1.5.0-beta.9, Better Auth's HTTP rate limiter keyed each request by the exact textual IP address it rece… CWE-307
mproper Restriction of Excessive Authentication Attempts 		CVE-2026-45364 2026-06-2 03:41 2026-05-29 Show GitHub Exploit DB Packet Storm
3365 4.7 MEDIUM
Network 		- - typescript-utcp is a typescript implementation of UTCP. Prior to 1.1.2, the @utcp/http package is vulnerable to a blind Server-Side Request Forgery (SSRF) caused by a trust-boundary inconsistency bet… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-45366 2026-06-2 03:41 2026-05-29 Show GitHub Exploit DB Packet Storm
3366 8.8 HIGH
Network 		wwbn avideo WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a classic shell-metacharacter injection. The YPTSocket notification branch in plugin/Live/on_publish.php builds an execAsyn… CWE-78
OS Command  		CVE-2026-45578 2026-06-2 03:41 2026-05-29 Show GitHub Exploit DB Packet Storm
3367 5.4 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a stored cross-site scripting vulnerability. The Live plugin's "YouTube-style" view renders the live transmission's stream … CWE-79
Cross-site Scripting 		CVE-2026-45580 2026-06-2 03:41 2026-05-29 Show GitHub Exploit DB Packet Storm
3368 6.5 MEDIUM
Network 		n8n-mcp n8n-mcp n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to 2.51.3, the workflow telemetry sanitizer could retain partial fragments of … CWE-201
 Insertion of Sensitive Information Into Sent Data 		CVE-2026-45582 2026-06-2 03:41 2026-05-29 Show GitHub Exploit DB Packet Storm
3369 6.5 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA val… CWE-306
CWE-352
Missing Authentication for Critical Function
 Origin Validation Error 		CVE-2026-45610 2026-06-2 03:40 2026-05-29 Show GitHub Exploit DB Packet Storm
3370 6.5 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In 29.0 and earlier, EpgParser.php, plugin/AI/receiveAsync.json.php, and other locations do not use the $resolvedIP out-param of isSSRFSafeURL() for DNS … CWE-367
CWE-918
 Time-of-check Time-of-use (TOCTOU) Race Condition
Server-Side Request Forgery (SSRF)  		CVE-2026-45619 2026-06-2 03:40 2026-05-29 Show GitHub Exploit DB Packet Storm