Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 21, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
204571 7.3 重要
Local 		Google
Linux		 - arm64 プラットフォーム上で稼動する Linux Kernel の arch/arm64/kernel/perf_event.c における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2015-8955 2016-10-13 17:07 2015-03-18 Show GitHub Exploit DB Packet Storm
204572 9.8 緊急
Network 		Linux - MSM デバイスなどの製品用 QuIC Android コントリビューションで使用される Linux Kernel の ADSPRPC ドライバにおけるサービス運用妨害 (DoS) の脆弱性 CWE-362
競合状態 		CVE-2015-0572 2016-10-13 17:07 2016-06-10 Show GitHub Exploit DB Packet Storm
204573 7.4 重要
Local 		Linux
レッドハット		 - Red Hat Enterprise Linux および Enterprise MRG で使用される Linux Kernel における Secure Boot 制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-3699 2016-10-13 17:04 2016-04-22 Show GitHub Exploit DB Packet Storm
204574 8.8 重要
Network 		レッドハット - Red Hat CloudForms Management Engine における任意のシェルコマンドを実行される脆弱性 CWE-Other
その他 		CVE-2016-7040 2016-10-13 17:03 2016-10-4 Show GitHub Exploit DB Packet Storm
204575 7.5 重要
Network 		GNU Project
openSUSE project
Fedora Project		 - GNU C Library の makecontext 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2016-6323 2016-10-13 15:51 2016-08-15 Show GitHub Exploit DB Packet Storm
204576 5.5 警告
Local 		Debian
Libav		 - libav の x86/rnd_template.c の put_no_rnd_pixels8_xy2_mmx 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2016-7424 2016-10-13 15:28 2016-09-16 Show GitHub Exploit DB Packet Storm
204577 6.3 警告
Local 		シトリックス・システムズ
Xen プロジェクト		 - Xen におけるゲストの任意のタスクに属する複数のレジスタのステート情報を読まれる脆弱性 CWE-362
競合状態 		CVE-2016-7777 2016-10-13 15:09 2016-10-4 Show GitHub Exploit DB Packet Storm
204578 5.9 警告
Network 		Node.js Foundation
SUSE		 - Node.js の tls.checkServerIdentity 関数におけるサーバになりすまされる脆弱性 CWE-Other
その他 		CVE-2016-7099 2016-10-13 14:06 2016-09-23 Show GitHub Exploit DB Packet Storm
204579 6.1 警告
Network 		Node.js Foundation
SUSE		 - Node.js の ServerResponse#writeHead 関数における CRLF インジェクションの脆弱性 CWE-Other
その他 		CVE-2016-5325 2016-10-13 14:06 2016-09-23 Show GitHub Exploit DB Packet Storm
204580 4.8 警告
Network 		ビーツーワンソフト・インコーポレイテッド - BASP21 におけるメールヘッダインジェクションの脆弱性 CWE-20
不適切な入力確認 		CVE-2007-1713 2016-10-13 12:03 2007-03-27 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 21, 2026, 4:01 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2881 9.1 CRITICAL
Network 		netty netty-incubator-codec-ohttp The netty incubator codec.bhttp is a java language binary http parser. The library implements Oblivious HTTP (RFC 9458) using BoringSSL's HPKE C library via JNI. When deriving native memory addresses… CWE-125
CWE-787
Out-of-bounds Read
 Out-of-bounds Write 		CVE-2026-48040 2026-06-6 06:04 2026-06-5 Show GitHub Exploit DB Packet Storm
2882 5.3 MEDIUM
Network 		netty netty-incubator-codec-ohttp The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zeros and has no way to distin… CWE-330
 Use of Insufficiently Random Values 		CVE-2026-41207 2026-06-6 06:01 2026-06-5 Show GitHub Exploit DB Packet Storm
2883 - - - A hard-coded cryptographic key is used by Altium Enterprise Server to sign file download URLs in the Vault service. Because the key is identical across all installations, an unauthenticated network a… CWE-22
CWE-798
Path Traversal
 Use of Hard-coded Credentials 		CVE-2026-11414 2026-06-6 05:49 2026-06-6 Show GitHub Exploit DB Packet Storm
2884 - - - A path traversal vulnerability exists in the Altium Enterprise Server Vault Service UploadController due to improper validation of a user-controlled path component in image upload requests. An authen… CWE-22
CWE-434
Path Traversal
 Unrestricted Upload of File with Dangerous Type  		CVE-2026-11419 2026-06-6 05:49 2026-06-6 Show GitHub Exploit DB Packet Storm
2885 - - - Two path traversal vulnerabilities in the Network Installation Service (NIS) of Altium Enterprise Server allow an unauthenticated network attacker to write arbitrary files to any writable location on… CWE-22
CWE-306
Path Traversal
Missing Authentication for Critical Function 		CVE-2026-11420 2026-06-6 05:49 2026-06-6 Show GitHub Exploit DB Packet Storm
2886 8.0 HIGH
Network 		- - An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges t… CWE-426
 Untrusted Search Path 		CVE-2026-11400 2026-06-6 05:49 2026-06-6 Show GitHub Exploit DB Packet Storm
2887 8.0 HIGH
Network 		- - An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to … CWE-426
 Untrusted Search Path 		CVE-2026-11401 2026-06-6 05:49 2026-06-6 Show GitHub Exploit DB Packet Storm
2888 - - - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 25.0.0 and prior to version 26.0.0, the haxcms_refresh_token cookie is set without the Secure flag. This allow… CWE-614
 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute 		CVE-2026-46398 2026-06-6 05:48 2026-06-6 Show GitHub Exploit DB Packet Storm
2889 7.5 HIGH
Network 		- - HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.1 use `uniqid` for generating salts, which is unsuitable. Version 26.0.1 fixes the issue. CWE-338
 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 		CVE-2026-46493 2026-06-6 05:48 2026-06-6 Show GitHub Exploit DB Packet Storm
2890 7.1 HIGH
Adjacent 		securly securly Version 3.0.7 of the Securly Chrome Extension downloads JSON files containing crisis alert keywords and filtering rules over unencrypted HTTP via the Fetch API. Other endpoints in the same extension … CWE-319
Cleartext Transmission of Sensitive Information 		CVE-2026-8874 2026-06-6 05:47 2026-06-4 Show GitHub Exploit DB Packet Storm