Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":July 1, 2026, 6 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
216301 3.5 注意 Debian
ownCloud
- ownCloud Server Community Edition におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2015-3011 2015-05-12 15:46 2015-03-25 Show GitHub Exploit DB Packet Storm
216302 4.3 警告 KO GmbH
ownCloud
- WebODF におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2014-9716 2015-05-12 15:44 2014-12-4 Show GitHub Exploit DB Packet Storm
216303 4.3 警告 Huawei - Huawei SEQ Analyst におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2015-2347 2015-05-12 15:32 2015-04-16 Show GitHub Exploit DB Packet Storm
216304 5 警告 株式会社ラクス - メールディーラーにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2015-0915 2015-05-12 12:02 2015-05-12 Show GitHub Exploit DB Packet Storm
216305 5 警告 レッドハット - Red Hat JBoss Enterprise Application の Platformorg.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor における任意のファイルを読まれる脆弱性 CWE-200
情報漏えい
CVE-2014-3481 2015-05-11 18:22 2014-06-26 Show GitHub Exploit DB Packet Storm
216306 6.8 警告 アップル
日立
Apache Software Foundation
オラクル
- Apache HTTP Server の mod_status モジュールおけるサービス運用妨害 (DoS) の脆弱性 CWE-362
競合状態
CVE-2014-0226 2015-05-11 18:22 2014-07-14 Show GitHub Exploit DB Packet Storm
216307 5 警告 アップル
Apache Software Foundation
オラクル
- Apache HTTP Server の mod_cgid モジュールおけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題
CVE-2014-0231 2015-05-11 18:22 2014-07-14 Show GitHub Exploit DB Packet Storm
216308 4.9 警告 レッドハット - Red Hat JBoss Enterprise Application Platform で使用される JBoss Application Server の SimpleSecurityManager の isCallerInRole 関数におけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御
CVE-2014-3472 2015-05-11 18:22 2014-08-6 Show GitHub Exploit DB Packet Storm
216309 10 危険 アップル
日立
サン・マイクロシステムズ
- Oracle Java SE の Java Runtime Environment (JRE) における Hotspot の処理に関する脆弱性 CWE-noinfo
情報不足
CVE-2012-1723 2015-05-11 16:24 2012-06-12 Show GitHub Exploit DB Packet Storm
216310 9.3 危険 マイクロソフト - Microsoft Word およびその他の製品における任意のコードを実行される脆弱性 CWE-119
バッファエラー
CVE-2014-1761 2015-05-11 16:24 2014-03-24 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:July 1, 2026, 4:27 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1181 4.3 MEDIUM
Network
jenkins fitnesse Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to t… CWE-256
Plaintext Storage of a Password 
CVE-2026-57302 2026-06-27 04:05 2026-06-24 Show GitHub Exploit DB Packet Storm
1182 4.2 MEDIUM
Network
jenkins zowe_zdevops A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified… CWE-352
 Origin Validation Error
CVE-2026-57306 2026-06-27 04:05 2026-06-24 Show GitHub Exploit DB Packet Storm
1183 4.2 MEDIUM
Network
jenkins zowe_zdevops A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-spe… CWE-862
 Missing Authorization
CVE-2026-57307 2026-06-27 04:05 2026-06-24 Show GitHub Exploit DB Packet Storm
1184 7.5 HIGH
Network
shell-quote_project shell-quote shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a resu… CWE-407
 Inefficient Algorithmic Complexity
CVE-2026-13311 2026-06-27 04:03 2026-06-25 Show GitHub Exploit DB Packet Storm
1185 2.6 LOW
Network
nokogiri nokogiri Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-… CWE-178
CWE-184
CWE-611
 Improper Handling of Case Sensitivity
 Incomplete Blacklist
XXE
CVE-2026-57234 2026-06-27 04:03 2026-06-26 Show GitHub Exploit DB Packet Storm
1186 8.1 HIGH
Network
librechat librechat LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user (or attacker with a stolen… CWE-306
Missing Authentication for Critical Function
CVE-2026-54036 2026-06-27 04:02 2026-06-26 Show GitHub Exploit DB Packet Storm
1187 8.8 HIGH
Network
dokku dokku Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filen… CWE-95
Eval Injection
CVE-2026-45406 2026-06-27 04:01 2026-06-27 Show GitHub Exploit DB Packet Storm
1188 5.5 MEDIUM
Local
freebsd freebsd When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The … CWE-269
 Improper Privilege Management
CVE-2026-45256 2026-06-27 03:58 2026-06-27 Show GitHub Exploit DB Packet Storm
1189 7.5 HIGH
Network
apache apache-airflow-providers-ftp The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was tran… CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-49486 2026-06-27 03:58 2026-06-26 Show GitHub Exploit DB Packet Storm
1190 8.8 HIGH
Network
dokku dokku Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preve… CWE-59
Link Following
CVE-2026-45405 2026-06-27 03:56 2026-06-27 Show GitHub Exploit DB Packet Storm