Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 28, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
199341 8 重要
Network 		Zoho Corporation - ManageEngine Password Manager Pro にクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2016-1161 2017-05-23 16:14 2016-07-1 Show GitHub Exploit DB Packet Storm
199342 8.1 重要
Network 		LINE株式会社 - LINE PC版(Windows版)におけるダウンロードファイル検証不備の脆弱性 CWE-noinfo
情報不足 		CVE-2016-4850 2017-05-23 14:25 2016-08-25 Show GitHub Exploit DB Packet Storm
199343 8.8 重要
Adjacent 		ソニービジネスソリューション - ソニー製の複数のネットワークカメラ製品に脆弱性 CWE-200
情報漏えい 		CVE-2016-7834 2017-05-23 14:25 2016-11-29 Show GitHub Exploit DB Packet Storm
199344 3.7
Network 		Zoho Corporation - ManageEngine ServiceDesk Plus における Cookie の生成処理に関する脆弱性 CWE-Other
その他 		CVE-2016-4890 2017-05-23 14:25 2016-09-29 Show GitHub Exploit DB Packet Storm
199345 5.4 警告
Network 		Zoho Corporation - ManageEngine ServiceDesk Plus におけるアクセス制限不備の脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-4889 2017-05-23 14:25 2016-09-29 Show GitHub Exploit DB Packet Storm
199346 5.4 警告
Network 		Zoho Corporation - ManageEngine ServiceDesk Plus におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-4888 2017-05-23 14:25 2016-09-29 Show GitHub Exploit DB Packet Storm
199347 6.1 警告
Network 		株式会社アイビー・ウィー - Geeklog IVYWE版の複数のプラグインにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-4875 2017-05-23 14:25 2016-09-23 Show GitHub Exploit DB Packet Storm
199348 6.1 警告
Network 		株式会社アイビー・ウィー - Geeklog IVYWE版におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-4849 2017-05-23 14:25 2016-08-19 Show GitHub Exploit DB Packet Storm
199349 6.1 警告
Network 		OSSEC - OSSEC Web UI におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-4847 2017-05-23 14:25 2016-08-18 Show GitHub Exploit DB Packet Storm
199350 9.1 緊急
Network 		grabacr.net - 「提督業も忙しい!」(KanColleViewer) がオープンプロキシとして動作する問題 CWE-441
フィルタリング回避 		CVE-2015-2947 2017-05-23 14:25 2015-05-26 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1281 6.2 MEDIUM
Local 		- - A flaw was found in foreman-mcp-server. This component utilizes two distinct logging mechanisms that can expose sensitive session and authentication data. One mechanism logs session identifiers, whic… New CWE-532
 Inclusion of Sensitive Information in Log Files 		CVE-2026-9073 2026-06-26 01:14 2026-06-24 Show GitHub Exploit DB Packet Storm
1282 - - - Incorrect check of function return value in Caliptra Core Runtime Firmware (ActivateFirmwareCmd::activate_fw modules) allows bypass of Caliptra Core's verification of the MCU FW during a hitless upda… New CWE-253
 Incorrect Check of Function Return Value 		CVE-2026-5818 2026-06-26 01:14 2026-06-24 Show GitHub Exploit DB Packet Storm
1283 - - - Missing cryptographic step in Caliptra Core Firmware (aes_256_gcm_update module) results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardwar… New CWE-325
 Missing Required Cryptographic Step 		CVE-2026-6458 2026-06-26 01:14 2026-06-24 Show GitHub Exploit DB Packet Storm
1284 5.8 MEDIUM
Network 		- - Ghost is a Node.js content management system. From 6.0.9 until 6.21.1, when making an external request, it is possible to bypass the IP filter that ensures the request isn't going to an internal serv… New CWE-184
CWE-918
 Incomplete Blacklist
Server-Side Request Forgery (SSRF)  		CVE-2026-53944 2026-06-26 01:07 2026-06-25 Show GitHub Exploit DB Packet Storm
1285 5.4 MEDIUM
Network 		- - Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, insufficient validation of the client-supplied Content-Type on Ghost's Admin API file upload endpoint allowed uploaded files to… New CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2026-53948 2026-06-26 01:07 2026-06-25 Show GitHub Exploit DB Packet Storm
1286 5.3 MEDIUM
Network 		- - Ghost is a Node.js content management system. From 5.46.1 until 6.21.2, the validation applied to filters on the public API endpoints could be partially bypassed, making it possible to reveal private… New CWE-200
CWE-693
Information Exposure
 Protection Mechanism Failure 		CVE-2026-53949 2026-06-26 01:07 2026-06-25 Show GitHub Exploit DB Packet Storm
1287 7.5 HIGH
Network 		- - @tryghost/activitypub is Ghost’s social/federation client app. Prior to 3.1.0, the ActivityPub client in Ghost was vulnerable to JavaScript injection on posts shared by a maliciously customised Activ… New CWE-79
Cross-site Scripting 		CVE-2026-53950 2026-06-26 01:07 2026-06-25 Show GitHub Exploit DB Packet Storm
1288 5.7 MEDIUM
Network 		- - Jellyfin is an open source self hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged user to execute arbitrary Javascript in the context o… New CWE-79
Cross-site Scripting 		CVE-2026-49220 2026-06-26 01:06 2026-06-25 Show GitHub Exploit DB Packet Storm
1289 9.6 CRITICAL
Network 		- - Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticate… New CWE-524
 Use of Cache Containing Sensitive Information 		CVE-2026-53943 2026-06-26 01:06 2026-06-25 Show GitHub Exploit DB Packet Storm
1290 6.0 MEDIUM
Network 		- - OS Command Injection vulnerability in Rapid7 InsightConnect SQLmap Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the api_host or api_port parameters during conne… New CWE-78
OS Command  		CVE-2026-8659 2026-06-26 01:04 2026-06-25 Show GitHub Exploit DB Packet Storm