Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 1, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
218671	5	警告	tera-charts project	-	WordPress 用 Tera Charts プラグインにおけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2014-4940	2014-07-15 18:22	2014-05-28	Show	GitHub Exploit DB Packet Storm

218672	6.5	警告	Darell Sun	-	WordPress 用 ENL Newsletter プラグインにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2014-4939	2014-07-15 18:21	2014-05-28	Show	GitHub Exploit DB Packet Storm

218673	7.5	危険	Darell Sun	-	WordPress 用 WP Rss Poster プラグインにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2014-4938	2014-07-15 18:19	2014-05-28	Show	GitHub Exploit DB Packet Storm

218674	5	警告	BookX plugin project	-	WordPress 用 includes/bookx_export.php の BookX プラグインにおけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2014-4937	2014-07-15 18:18	2014-05-28	Show	GitHub Exploit DB Packet Storm

218675	4.9	警告	アルバネットワークス株式会社	-	Aruba Networks ClearPass の Policy Manager における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2014-4013	2014-07-15 15:34	2014-07-3	Show	GitHub Exploit DB Packet Storm

218676	4.3	警告	フォーティネット	-	FortiGuard FortiWeb におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4738	2014-07-15 15:27	2014-07-10	Show	GitHub Exploit DB Packet Storm

218677	7.5	危険	Dahua Technology Co., Ltd	-	Dahua DVR における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2013-6117	2014-07-15 13:54	2013-11-13	Show	GitHub Exploit DB Packet Storm

218678	7.5	危険	特定非営利活動法人 Seasar ファウンデーション	-	S2Struts において ClassLoader が操作可能な脆弱性	CWE-DesignError	CVE-2014-3893	2014-07-15 12:17	2014-07-15	Show	GitHub Exploit DB Packet Storm

218679	4.9	警告	シトリックス・システムズ	-	Citrix XenDesktop における他のユーザのデスクトップへのアクセス権を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-4700	2014-07-14 17:31	2014-07-10	Show	GitHub Exploit DB Packet Storm

218680	3.5	注意	OpenStack Canonical	-	OpenStack Neutron の L3-agent におけるサービス運用妨害 (DoS) の脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-4167	2014-07-14 17:30	2014-06-7	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 1, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
881	8.7	HIGH Network	-	-	TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via unsanitized data-mce-* attributes (data-mce-href, data-mce-src, data-mce-style).…	CWE-79 Cross-site Scripting	CVE-2026-47759	2026-05-29 03:55	2026-05-29	Show	GitHub Exploit DB Packet Storm

882	8.7	HIGH Network	-	-	TinyMCE is an open source rich text editor. From 6.8.0 to before 7.1.0, TinyMCE contains an XSS vulnerability caused by improper SVG namespace scope handling in the sanitizer. A crafted payload using…	CWE-79 Cross-site Scripting	CVE-2026-47760	2026-05-29 03:55	2026-05-29	Show	GitHub Exploit DB Packet Storm

883	8.7	HIGH Network	-	-	TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability in the media plugin. Attackers can inject malicious scripts via crafted data-mce-* a…	CWE-79 Cross-site Scripting	CVE-2026-47761	2026-05-29 03:55	2026-05-29	Show	GitHub Exploit DB Packet Storm

884	8.7	HIGH Network	-	-	TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, and 8.5.1, there is a stored XSS vulnerability via forged mce:protected comments. Allows attackers to bypass sanitization and injec…	CWE-79 Cross-site Scripting	CVE-2026-47762	2026-05-29 03:55	2026-05-29	Show	GitHub Exploit DB Packet Storm

885	-		-	-	In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the __SERVICEACCOUNT_TOKEN__ placeholder (Canal/Flannel-Calico d…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-41184	2026-05-29 03:55	2026-05-29	Show	GitHub Exploit DB Packet Storm

886	-		-	-	When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, t…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-41185	2026-05-29 03:55	2026-05-29	Show	GitHub Exploit DB Packet Storm

887	8.6	HIGH Local	-	-	Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or…	CWE-78 OS Command	CVE-2026-44461	2026-05-29 03:55	2026-05-29	Show	GitHub Exploit DB Packet Storm

888	6.4	MEDIUM Network	-	-	Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining (${var@P}), allowing arbitrary command execution under an allowliste…	CWE-184 Incomplete Blacklist	CVE-2026-44462	2026-05-29 03:55	2026-05-29	Show	GitHub Exploit DB Packet Storm

889	8.6	HIGH Local	-	-	Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g.,…	CWE-78 CWE-184 OS Command Incomplete Blacklist	CVE-2026-44463	2026-05-29 03:55	2026-05-29	Show	GitHub Exploit DB Packet Storm

890	8.6	HIGH Local	-	-	Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allow…	CWE-78 OS Command	CVE-2026-44465	2026-05-29 03:55	2026-05-29	Show	GitHub Exploit DB Packet Storm