Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 14, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
204901 4.9 警告
Network 		F5 Networks - F5 BIG-IP システムの Configuration utility における Access Policy Manager のアクセスログを読まれる脆弱性 CWE-200
情報漏えい 		CVE-2016-1497 2016-08-29 15:22 2016-08-10 Show GitHub Exploit DB Packet Storm
204902 8.8 重要
Network 		openSUSE project
Roundcube.net		 - Roundcube Webmail におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2016-4069 2016-08-29 12:27 2016-04-20 Show GitHub Exploit DB Packet Storm
204903 5.9 警告
Network 		カスペルスキー - Kaspersky Safe Browser iOS における重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2016-6231 2016-08-29 12:14 2016-07-28 Show GitHub Exploit DB Packet Storm
204904 8.8 重要
Network 		レッドハット - Red Hat CloudForms の Web UI における任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2016-5383 2016-08-29 11:49 2016-08-18 Show GitHub Exploit DB Packet Storm
204905 7.8 重要
Local 		シスコシステムズ - Cisco AnyConnect Secure Mobility Client における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-6369 2016-08-29 11:40 2016-08-24 Show GitHub Exploit DB Packet Storm
204906 5.3 警告
Network 		日立
オラクル		 - 複数の Oracle Java 製品における JAXP に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-3425 2016-08-26 18:02 2016-04-19 Show GitHub Exploit DB Packet Storm
204907 9.6 緊急
Network 		日立
オラクル		 - Oracle Java SE および Java SE Embedded における Hotspot に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-0687 2016-08-26 18:02 2016-04-19 Show GitHub Exploit DB Packet Storm
204908 8.1 重要
Network 		SUSE
IBM
レッドハット		 - IBM SDK, Java Technology Edition の com.ibm.CORBA.iiop.ClientDelegate クラスにおける setSecurityManager を呼び出される脆弱性 CWE-20
不適切な入力確認 		CVE-2016-0363 2016-08-26 17:56 2016-04-26 Show GitHub Exploit DB Packet Storm
204909 8.1 重要
Network 		SUSE
IBM
レッドハット		 - IBM SDK, Java Technology Edition の com.ibm.rmi.io.SunSerializableFactory クラスにおけるサンドボックス保護メカニズムを回避される脆弱性 CWE-Other
その他 		CVE-2016-0376 2016-08-26 17:56 2016-04-26 Show GitHub Exploit DB Packet Storm
204910 5.6 警告
Network 		SUSE
IBM
レッドハット		 - IBM SDK, Java Technology Edition の Java Virtual Machine におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2016-0264 2016-08-26 17:56 2016-04-21 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 14, 2026, 4:12 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1591 - - - In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spi_transfer struct initialisation Make sure that the spi_transfer struct is zeroed out before us… - CVE-2026-46326 2026-06-9 23:16 2026-06-9 Show GitHub Exploit DB Packet Storm
1592 - - - In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE The current implementation incorrectly handles memory regions … - CVE-2026-46325 2026-06-9 23:16 2026-06-9 Show GitHub Exploit DB Packet Storm
1593 6.1 MEDIUM
Network 		- - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parame… CWE-79
Cross-site Scripting 		CVE-2026-38579 2026-06-9 23:16 2026-06-6 Show GitHub Exploit DB Packet Storm
1594 - - - A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve pr… CWE-367
 Time-of-check Time-of-use (TOCTOU) Race Condition 		CVE-2026-2638 2026-06-9 23:16 2026-06-9 Show GitHub Exploit DB Packet Storm
1595 8.3 HIGH
Network 		- - Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.… CWE-472
 External Control of Assumed-Immutable Web Parameter 		CVE-2026-11640 2026-06-9 23:16 2026-06-9 Show GitHub Exploit DB Packet Storm
1596 8.8 HIGH
Network 		- - Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exe… CWE-78
CWE-77
OS Command 
Command Injection 		CVE-2026-11572 2026-06-9 23:16 2026-06-9 Show GitHub Exploit DB Packet Storm
1597 6.5 MEDIUM
Network 		google chrome Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) CWE-693
 Protection Mechanism Failure 		CVE-2026-11288 2026-06-9 22:59 2026-06-5 Show GitHub Exploit DB Packet Storm
1598 6.5 MEDIUM
Network 		google chrome Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) CWE-1300
CWE-203
 Improper Protection of Physical Side Channels
 Information Exposure Through Discrepancy 		CVE-2026-11289 2026-06-9 22:58 2026-06-5 Show GitHub Exploit DB Packet Storm
1599 7.5 HIGH
Network 		- - Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulne… CWE-121
Stack-based Buffer Overflow 		CVE-2026-36789 2026-06-9 22:57 2026-06-9 Show GitHub Exploit DB Packet Storm
1600 6.5 MEDIUM
Network 		- - OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account c… CWE-348
 Use of Less Trusted Source 		CVE-2020-37248 2026-06-9 22:57 2026-06-9 Show GitHub Exploit DB Packet Storm