Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 4, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
205361 7 重要
Local 		Google - Android の Conscrypt の OpenSSLCipher.java におけるメッセージの認証を偽造される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-2462 2016-05-12 16:44 2016-05-2 Show GitHub Exploit DB Packet Storm
205362 7 重要
Local 		Google - Android の Conscrypt の OpenSSLCipher.java におけるメッセージの認証を偽造される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-2461 2016-05-12 16:44 2016-05-2 Show GitHub Exploit DB Packet Storm
205363 5.5 警告
Local 		Google - Android のメディアサーバにおける重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2016-2460 2016-05-12 16:44 2016-05-2 Show GitHub Exploit DB Packet Storm
205364 5.5 警告
Local 		Google - Android のメディアサーバにおける重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2016-2459 2016-05-12 16:44 2016-05-2 Show GitHub Exploit DB Packet Storm
205365 5.5 警告
Local 		Google - Android の AOSP Mail の構成機能における重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2016-2458 2016-05-12 16:44 2016-05-2 Show GitHub Exploit DB Packet Storm
205366 5.5 警告
Local 		Google - Android の Wi-Fi の server/pm/UserManagerService.java における Wi-Fi の設定の変更の制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-2457 2016-05-12 16:44 2016-05-2 Show GitHub Exploit DB Packet Storm
205367 7.8 重要
Local 		Google - Android のメディアサーバの libstagefright の codecs/amrnb/dec/SoftAMR.cpp における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-2452 2016-05-12 16:44 2016-05-2 Show GitHub Exploit DB Packet Storm
205368 7.8 重要
Local 		Google - Android のメディアサーバの libstagefright の codecs/on2/dec/SoftVPX.cpp における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-2451 2016-05-12 16:44 2016-05-2 Show GitHub Exploit DB Packet Storm
205369 7.8 重要
Local 		Google - Android のメディアサーバの libstagefright の codecs/on2/enc/SoftVPXEncoder.cpp における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-2450 2016-05-12 16:43 2016-05-2 Show GitHub Exploit DB Packet Storm
205370 7.8 重要
Local 		Google - Android のメディアサーバの services/camera/libcameraservice/device3/Camera3Device.cpp における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-2449 2016-05-12 16:43 2016-05-2 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 5, 2026, 4:11 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
151 8.5 HIGH
Network 		- - authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstre… New CWE-20
 Improper Input Validation  		CVE-2026-47201 2026-06-5 00:49 2026-06-3 Show GitHub Exploit DB Packet Storm
152 8.8 HIGH
Network 		- - authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured… New CWE-287
Improper Authentication 		CVE-2026-49443 2026-06-5 00:49 2026-06-3 Show GitHub Exploit DB Packet Storm
153 9.8 CRITICAL
Network 		- - authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions … New CWE-287
Improper Authentication 		CVE-2026-49448 2026-06-5 00:49 2026-06-3 Show GitHub Exploit DB Packet Storm
154 8.0 HIGH
Network 		- - alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script en… New CWE-863
 Incorrect Authorization 		CVE-2026-35482 2026-06-5 00:49 2026-06-3 Show GitHub Exploit DB Packet Storm
155 7.1 HIGH
Local 		- - Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability aff… New CWE-476
 NULL Pointer Dereference 		CVE-2026-8035 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm
156 7.1 HIGH
Local 		- - Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and p… New CWE-1285
 Improper Validation of Specified Index, Position, or Offset in Input 		CVE-2026-8036 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm
157 7.1 HIGH
Network 		- - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys mana… New CWE-862
 Missing Authorization 		CVE-2026-31942 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm
158 9.6 CRITICAL
Network 		- - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${VAR} placeholders aga… New CWE-200
Information Exposure 		CVE-2026-32625 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm
159 6.5 MEDIUM
Network 		- - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted a… New CWE-201
 Insertion of Sensitive Information Into Sent Data 		CVE-2026-44653 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm
160 - - - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the o… New CWE-863
 Incorrect Authorization 		CVE-2026-44654 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm