Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 14, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
218941	7.5	危険	CloudBees	-	CloudBees Jenkins におけるクリックジャッキング攻撃を実行される脆弱性	CWE-noinfo 情報不足	CVE-2014-2063	2014-10-23 17:32	2014-02-12	Show	GitHub Exploit DB Packet Storm

218942	6.5	警告	CloudBees	-	CloudBees Jenkins におけるアクセスを保持される脆弱性	CWE-287 不適切な認証	CVE-2014-2062	2014-10-23 17:31	2014-02-8	Show	GitHub Exploit DB Packet Storm

218943	5	警告	CloudBees	-	CloudBees Jenkins の PasswordParameterDefinition の入力制御におけるパスワードを取得される脆弱性	CWE-310 暗号の問題	CVE-2014-2061	2014-10-23 17:31	2014-02-8	Show	GitHub Exploit DB Packet Storm

218944	7.5	危険	CloudBees	-	CloudBees Jenkins の Winstone サーブレットコンテナにおけるセッションをハイジャックされる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-2060	2014-10-23 17:31	2014-02-15	Show	GitHub Exploit DB Packet Storm

218945	6.5	警告	CloudBees	-	CloudBees Jenkins の BuildTrigger におけるアクセス制限を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-2058	2014-10-23 17:30	2014-02-11	Show	GitHub Exploit DB Packet Storm

218946	4	警告	CloudBees	-	CloudBees Jenkins における制限されているプロジェクト以外のプロジェクトを構築される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2013-7330	2014-10-23 17:30	2013-02-14	Show	GitHub Exploit DB Packet Storm

218947	4.3	警告	C97net	-	C97net Cart Engine の skins/default/outline.tpl におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-8307	2014-10-23 16:58	2014-08-21	Show	GitHub Exploit DB Packet Storm

218948	7.5	危険	C97net	-	C97net Cart Engine の cart.php 内の sql_query 関数における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2014-8306	2014-10-23 16:58	2014-08-21	Show	GitHub Exploit DB Packet Storm

218949	7.5	危険	Splunk	-	Splunk Enterprise の Splunk Web におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-8303	2014-10-23 16:57	2014-09-30	Show	GitHub Exploit DB Packet Storm

218950	6.5	警告	Splunk	-	Splunk Enterprise の Splunk Web におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-8302	2014-10-23 16:57	2014-09-30	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 14, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
3101	7.8	HIGH Local	zed	zed	Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior (e.g.,…	CWE-78 CWE-184 OS Command Incomplete Blacklist	CVE-2026-44463	2026-06-3 10:11	2026-05-29	Show	GitHub Exploit DB Packet Storm

3102	8.8	HIGH Network	zed	zed	Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed via bash variable expansion chaining (${var@P}), allowing arbitrary command execution under an allowliste…	CWE-184 Incomplete Blacklist	CVE-2026-44462	2026-06-3 10:00	2026-05-29	Show	GitHub Exploit DB Packet Storm

3103	8.6	HIGH Local	zed	zed	Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or…	CWE-78 OS Command	CVE-2026-44461	2026-06-3 09:58	2026-05-29	Show	GitHub Exploit DB Packet Storm

3104	7.5	HIGH Network	jg-rp	python_liquid	Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search pa…	CWE-22 Path Traversal	CVE-2026-45017	2026-06-3 09:43	2026-05-29	Show	GitHub Exploit DB Packet Storm

3105	-		-	-	Rejected reason: This CVE is a duplicate of another CVE.	-	CVE-2026-42029	2026-06-3 07:16	2026-06-3	Show	GitHub Exploit DB Packet Storm

3106	7.5	HIGH Network	-	-	The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the 'arm_directory_paging_action' AJAX action in all versions up to, and including, 7.3.1. This i…	CWE-89 SQL Injection	CVE-2026-5073	2026-06-3 05:56	2026-06-3	Show	GitHub Exploit DB Packet Storm

3107	6.5	MEDIUM Network	-	-	The ARMember Premium plugin for WordPress is vulnerable to SQL Injection via the 'sSortDir_0' parameter of the `get_private_content_data` AJAX action in all versions up to, and including, 7.3.1. This…	CWE-89 SQL Injection	CVE-2026-5074	2026-06-3 05:56	2026-06-3	Show	GitHub Exploit DB Packet Storm

3108	9.8	CRITICAL Network	-	-	The ARMember Premium plugin for WordPress is vulnerable to an insecure password reset mechanism in all versions up to, and including, 7.3.1. The plugin stores a plaintext copy of the password reset k…	CWE-287 Improper Authentication	CVE-2026-5076	2026-06-3 05:56	2026-06-3	Show	GitHub Exploit DB Packet Storm

3109	9.8	CRITICAL Network	synology	beestation_os	Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in AdminCenter in Synology BeeStation OS before 1.3.2-65648 allows remote attackers to execute arbitrary code via …	CWE-120 Classic Buffer Overflow	CVE-2025-12686	2026-06-3 05:43	2026-05-27	Show	GitHub Exploit DB Packet Storm

3110	9.8	CRITICAL Network	synology	diskstation_manager	Improper check for unusual or exceptional conditions vulnerability in SSO in Synology DiskStation Manager (DSM) before 7.2.2-72806-5 and 7.3.1-86003-1 (7.2.1-69057 is not affected) allows remote atta…	CWE-754 Improper Check for Unusual or Exceptional Conditions	CVE-2025-13392	2026-06-3 05:42	2026-05-27	Show	GitHub Exploit DB Packet Storm