Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 5, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
216671 7.5 危険 Subex Limited - Subex ROC Fraud Management のログインページにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2014-8728 2014-12-3 14:56 2014-08-30 Show GitHub Exploit DB Packet Storm
216672 6 警告 Enalean - Tuleap の project/register.php における PHP オブジェクトインジェクション攻撃を実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2014-8791 2014-12-3 14:30 2014-11-27 Show GitHub Exploit DB Packet Storm
216673 7.2 危険 OSSEC - OSSEC の host-deny.sh における hosts.deny のアクセス制限を変更される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2014-5284 2014-12-3 14:21 2014-09-9 Show GitHub Exploit DB Packet Storm
216674 5 警告 レッドハット - OpenStack PackStack におけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2014-3703 2014-12-3 14:10 2014-10-22 Show GitHub Exploit DB Packet Storm
216675 2.1 注意 FedUp project
Fedora Project		 - Fedora の fedup におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2013-6494 2014-12-3 12:21 2013-11-4 Show GitHub Exploit DB Packet Storm
216676 4 警告 filefield project - Drupal 用 FileField モジュールにおけるコンテンツを作成される脆弱性 CWE-200
情報漏えい 		CVE-2014-9156 2014-12-2 18:43 2014-07-16 Show GitHub Exploit DB Packet Storm
216677 4 警告 Avatar Uploader project - Drupal 用 Avatar Uploader モジュールにおけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2014-9155 2014-12-2 18:43 2014-09-1 Show GitHub Exploit DB Packet Storm
216678 4 警告 notify project - Drupal 用 Notify モジュールにおけるノードのタイトルを取得される脆弱性 CWE-200
情報漏えい 		CVE-2014-9154 2014-12-2 18:42 2014-08-13 Show GitHub Exploit DB Packet Storm
216679 4.3 警告 Services project - Drupal 用 Services モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2014-9153 2014-12-2 18:40 2014-09-24 Show GitHub Exploit DB Packet Storm
216680 7.5 危険 Services project - Drupal 用 Services モジュールの _user_resource_create 関数におけるパスワードを推測される脆弱性 CWE-255
証明書・パスワード管理 		CVE-2014-9152 2014-12-2 18:40 2014-09-24 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 5, 2026, 4:11 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
151 8.5 HIGH
Network 		- - authentik is an open-source identity provider. Prior to versions 2025.12.5, 2026.2.3, and 2026.5.1, authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstre… New CWE-20
 Improper Input Validation  		CVE-2026-47201 2026-06-5 00:49 2026-06-3 Show GitHub Exploit DB Packet Storm
152 8.8 HIGH
Network 		- - authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, an attacker with the ability to change a source connection, and an account in one of the configured… New CWE-287
Improper Authentication 		CVE-2026-49443 2026-06-5 00:49 2026-06-3 Show GitHub Exploit DB Packet Storm
153 9.8 CRITICAL
Network 		- - authentik is an open-source identity provider. Prior to versions 2025.12.6, 2026.2.4, and 2026.5.1, the Source stage can be bypassed by sending an empty POST. This issue has been patched in versions … New CWE-287
Improper Authentication 		CVE-2026-49448 2026-06-5 00:49 2026-06-3 Show GitHub Exploit DB Packet Storm
154 8.0 HIGH
Network 		- - alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5-2606, a sandbox escape vulnerability in the alf.io extension script en… New CWE-863
 Incorrect Authorization 		CVE-2026-35482 2026-06-5 00:49 2026-06-3 Show GitHub Exploit DB Packet Storm
155 7.1 HIGH
Local 		- - Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability aff… New CWE-476
 NULL Pointer Dereference 		CVE-2026-8035 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm
156 7.1 HIGH
Local 		- - Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and p… New CWE-1285
 Improper Validation of Specified Index, Position, or Offset in Input 		CVE-2026-8036 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm
157 7.1 HIGH
Network 		- - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys mana… New CWE-862
 Missing Authorization 		CVE-2026-31942 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm
158 9.6 CRITICAL
Network 		- - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${VAR} placeholders aga… New CWE-200
Information Exposure 		CVE-2026-32625 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm
159 6.5 MEDIUM
Network 		- - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted a… New CWE-201
 Insertion of Sensitive Information Into Sent Data 		CVE-2026-44653 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm
160 - - - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the o… New CWE-863
 Incorrect Authorization 		CVE-2026-44654 2026-06-5 00:48 2026-06-3 Show GitHub Exploit DB Packet Storm