Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 14, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
200541 9.8 緊急
Network 		Honeywell International Inc. - Honeywell XL Web II コントローラ XL1000C500 および XLWeb 500 におけるパスワードが平文で保存される脆弱性 CWE-255
証明書・パスワード管理 		CVE-2017-5140 2017-03-7 15:06 2017-02-2 Show GitHub Exploit DB Packet Storm
200542 9.8 緊急
Network 		Honeywell International Inc. - Honeywell XL Web II コントローラ XL1000C500 および XLWeb 500 におけるパスワードを公開される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2017-5139 2017-03-7 15:06 2017-02-2 Show GitHub Exploit DB Packet Storm
200543 4.7 警告
Network 		MantisBT Group - MantisBT におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-7111 2017-03-7 14:01 2016-08-27 Show GitHub Exploit DB Packet Storm
200544 6.1 警告
Network 		MantisBT Group - MantisBT の manage_custom_field_edit_page.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-5364 2017-03-7 14:01 2016-05-27 Show GitHub Exploit DB Packet Storm
200545 7.8 重要
Local 		Debian - shadow における整数オーバーフローの脆弱性 CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2016-6252 2017-03-6 17:54 2016-07-24 Show GitHub Exploit DB Packet Storm
200546 7.5 重要
Network 		libarchive
openSUSE project		 - libarchive の archive_read_support_format_7zip.c の read_Header 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-125
境界外読み取り 		CVE-2016-8689 2017-03-6 17:30 2016-09-19 Show GitHub Exploit DB Packet Storm
200547 5.5 警告
Local 		libarchive
openSUSE project		 - libarchive の mtree bidder におけるサービス運用妨害 (DoS) の脆弱性 CWE-125
境界外読み取り 		CVE-2016-8688 2017-03-6 17:30 2016-09-19 Show GitHub Exploit DB Packet Storm
200548 7.5 重要
Network 		libarchive
openSUSE project		 - libarchive の tar/util.c の safe_fprintf 関数におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2016-8687 2017-03-6 17:30 2016-08-22 Show GitHub Exploit DB Packet Storm
200549 5.5 警告
Local 		Libav - Libav の aac_parser.c の aac_sync 関数におけるスタックベースのバッファオーバーフローの脆弱性 CWE-125
境界外読み取り 		CVE-2016-7393 2017-03-6 17:05 2016-08-20 Show GitHub Exploit DB Packet Storm
200550 5.5 警告
Local 		Libav - Libav の aacsbr.c の sbr_make_f_master 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-369
ゼロ除算 		CVE-2016-7499 2017-03-6 17:01 2016-09-21 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 14, 2026, 4:12 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
761 6.5 MEDIUM
Network 		- - Russh is a Rust SSH client & server library. From version 0.37.0 to before version 0.61.0, in the russh client keyboard-interactive authentication path, a malicious SSH server could send a USERAUTH_I… New CWE-20
 Improper Input Validation  		CVE-2026-48107 2026-06-12 00:24 2026-06-11 Show GitHub Exploit DB Packet Storm
762 5.3 MEDIUM
Network 		- - Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, … New CWE-20
 Improper Input Validation  		CVE-2026-48108 2026-06-12 00:24 2026-06-11 Show GitHub Exploit DB Packet Storm
763 - - - Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add() handler attempted to remove an attacker-supplied id from $params before normalizing the … New CWE-20
 Improper Input Validation  		CVE-2026-53901 2026-06-12 00:24 2026-06-11 Show GitHub Exploit DB Packet Storm
764 - - - Cerebrate before version 1.37 allowed the id primary key field to be supplied through request input during CRUD edit operations and certain custom entity patching flows. In affected entities that did… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-53911 2026-06-12 00:24 2026-06-11 Show GitHub Exploit DB Packet Storm
765 - - - Cerebrate before version 1.37 exposed credential material from self-registration requests. The self-registration workflow stored the registrant’s hashed password in the inbox message data payload. Th… New CWE-200
Information Exposure 		CVE-2026-53912 2026-06-12 00:24 2026-06-11 Show GitHub Exploit DB Packet Storm
766 8.7 HIGH
Network 		- - GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authentic… New CWE-79
Cross-site Scripting 		CVE-2026-10087 2026-06-12 00:22 2026-06-11 Show GitHub Exploit DB Packet Storm
767 4.3 MEDIUM
Network 		- - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that could have allowed an authenticated user to cause den… New CWE-1021
 Improper Restriction of Rendered UI Layers or Frames 		CVE-2026-10733 2026-06-12 00:22 2026-06-11 Show GitHub Exploit DB Packet Storm
768 6.5 MEDIUM
Network 		- - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authe… New CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2026-1500 2026-06-12 00:22 2026-06-11 Show GitHub Exploit DB Packet Storm
769 3.1 LOW
Network 		- - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authen… New CWE-863
 Incorrect Authorization 		CVE-2026-3553 2026-06-12 00:22 2026-06-11 Show GitHub Exploit DB Packet Storm
770 - - - A Missing Authorization vulnerability in the playbook import functionality in Dialogflow CX on Google Cloud Platform allows an authenticated user with specific roles to escalate privileges and potent… New CWE-862
 Missing Authorization 		CVE-2026-4764 2026-06-12 00:22 2026-06-11 Show GitHub Exploit DB Packet Storm