Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 3, 2026, 6:08 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
216951 5 警告 IBM - Android 用 IBM Notes Traveler アプリケーションにおける重要な情報を取得される脆弱性 CWE-200
CWE-Other
CVE-2014-6130 2014-11-12 15:03 2014-11-1 Show GitHub Exploit DB Packet Storm
216952 5.4 警告 Flurry - Android 用 Flurry ライブラリにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-6024 2014-11-12 14:57 2014-09-3 Show GitHub Exploit DB Packet Storm
216953 5.4 警告 Runtastic - Android 用 Runtastic Pedometer アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-5688 2014-11-12 14:55 2014-09-3 Show GitHub Exploit DB Packet Storm
216954 5.4 警告 Runtastic - Android 用 Runtastic Mountain Bike アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-5687 2014-11-12 14:53 2014-09-3 Show GitHub Exploit DB Packet Storm
216955 5.4 警告 Runtastic - Android 用 Runtastic Me アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-5686 2014-11-12 14:52 2014-09-3 Show GitHub Exploit DB Packet Storm
216956 5.4 警告 Runtastic - Android 用 Runtastic Road Bike アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-5689 2014-11-12 14:31 2014-09-3 Show GitHub Exploit DB Packet Storm
216957 5.4 警告 Runtastic - Android 用 Runtastic Timer アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-5690 2014-11-12 14:24 2014-09-3 Show GitHub Exploit DB Packet Storm
216958 5.4 警告 Runtastic - Android 用 Runtastic Heart Rate アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-5685 2014-11-12 14:16 2014-09-3 Show GitHub Exploit DB Packet Storm
216959 5.4 警告 RV AppStudios - Android 用 Best Phone Security アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-5691 2014-11-12 14:15 2014-09-3 Show GitHub Exploit DB Packet Storm
216960 5.4 警告 NQ Mobile - Android 用 Vault-Hide SMS ,Pics & Videos アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-5667 2014-11-12 14:08 2014-09-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 3, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
111 7.3 HIGH
Network 		- - Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialize… New CWE-502
 Deserialization of Untrusted Data 		CVE-2026-45360 2026-06-3 02:16 2026-06-1 Show GitHub Exploit DB Packet Storm
112 6.1 MEDIUM
Network 		authlib authlib Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to 1.6.12 and 1.7.1, an unauthenticated open redirect in Authlib's OpenIDImplicitGrant and OpenIDHybridGrant authoriza… Update CWE-601
CWE-863
Open Redirect
 Incorrect Authorization 		CVE-2026-44681 2026-06-3 02:16 2026-05-28 Show GitHub Exploit DB Packet Storm
113 6.5 MEDIUM
Network 		apache airflow A bug in Apache Airflow's Variable response masker caused nested-key redaction (triggered by secret-suffixed key names like `password`, `token`, `secret`, `api_key`) to be bypassed when the JSON valu… New CWE-200
Information Exposure 		CVE-2026-42358 2026-06-3 02:16 2026-06-1 Show GitHub Exploit DB Packet Storm
114 4.3 MEDIUM
Network 		- - An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMER_GROUP_DESCRIBE (69) API validates the DESCRIBE operation on the GROUP resource instead… New CWE-285
Improper Authorization 		CVE-2026-41115 2026-06-3 02:16 2026-06-2 Show GitHub Exploit DB Packet Storm
115 5.9 MEDIUM
Network 		apache airflow Apache Airflow's `JWTRefreshMiddleware` set the JWT auth cookie without the `Secure` flag, so deployments running the Airflow API server behind an HTTPS-terminating reverse proxy (e.g. nginx / Envoy … New CWE-614
 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute 		CVE-2026-41017 2026-06-3 02:16 2026-06-1 Show GitHub Exploit DB Packet Storm
116 7.5 HIGH
Network 		- - FlexRIC v2.0.0 trusts the xapp_id field from E42 message payloads without binding it to the sender's SCTP association. The validation function valid_xapp_id() only checks that the value is within the… New CWE-284
Improper Access Control 		CVE-2026-37235 2026-06-3 02:16 2026-06-2 Show GitHub Exploit DB Packet Storm
117 - - - NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/pages/forum/get_quotes.php` only checks whether the caller is logged in, then reads a post by attacker-controlle… New CWE-285
Improper Authorization 		CVE-2026-33398 2026-06-3 02:16 2026-06-3 Show GitHub Exploit DB Packet Storm
118 9.8 CRITICAL
Network 		- - Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When… New CWE-89
CWE-94
SQL Injection
Code Injection 		CVE-2026-25879 2026-06-3 02:16 2026-06-2 Show GitHub Exploit DB Packet Storm
119 4.3 MEDIUM
Network 		- - A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the co… New CWE-400
CWE-1333
 Uncontrolled Resource Consumption
 Inefficient Regular Expression Complexity 		CVE-2026-10291 2026-06-3 02:16 2026-06-2 Show GitHub Exploit DB Packet Storm
120 7.8 HIGH
Local 		- - In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with … New CWE-451
 User Interface (UI) Misrepresentation of Critical Information 		CVE-2026-0088 2026-06-3 02:16 2026-06-2 Show GitHub Exploit DB Packet Storm