Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
222451	2.6	注意	Webmin Project	-	Webmin におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-3886	2014-07-23 10:44	2014-06-20	Show	GitHub Exploit DB Packet Storm

222452	3.5	注意	Webmin Project	-	Webmin におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-3885	2014-07-23 10:44	2014-06-20	Show	GitHub Exploit DB Packet Storm

222453	4.3	警告	Webmin Project	-	Usermin におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-3884	2014-07-23 10:43	2014-06-20	Show	GitHub Exploit DB Packet Storm

222454	7.5	危険	Cogent Real-Time Systems Inc.	-	Cogent Real-Time Systems Cogent DataHub の GetPermissions.asp における任意のコマンドを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2014-3789	2014-07-22 18:39	2014-04-29	Show	GitHub Exploit DB Packet Storm

222455	5	警告	drunomics	-	Drupal 用 Entity API モジュールにおける制限されたエンティティを読まれる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2013-7391	2014-07-22 18:36	2013-08-14	Show	GitHub Exploit DB Packet Storm

222456	4	警告	drunomics	-	Drupal 用 Entity API モジュールにおけるコメントを読まれる脆弱性	CWE-200 情報漏えい	CVE-2013-4273	2014-07-22 18:36	2013-08-14	Show	GitHub Exploit DB Packet Storm

222457	6.3	警告	IBM	-	IBM InfoSphere Master Data Management - Collaborative Edition および InfoSphere Master Data Management Server for Product Information Management の GDS コンポーネントにおける任意のファイルを読まれる脆弱性	CWE-200 情報漏えい	CVE-2014-3064	2014-07-22 17:35	2014-06-24	Show	GitHub Exploit DB Packet Storm

222458	6.5	警告	IBM	-	IBM Storwize V7000 Unified における権限を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-3043	2014-07-22 17:34	2014-07-15	Show	GitHub Exploit DB Packet Storm

222459	3.5	注意	IBM	-	IBM InfoSphere Master Data Management - Collaborative Edition および InfoSphere Master Data Management Server for Product Information Management の GDS コンポーネントにおけるリンクを挿入される脆弱性	CWE-20 不適切な入力確認	CVE-2014-0970	2014-07-22 17:34	2014-06-24	Show	GitHub Exploit DB Packet Storm

222460	3.5	注意	IBM	-	IBM InfoSphere Master Data Management - Collaborative Edition および InfoSphere Master Data Management Server for Product Information Management の GDS コンポーネントにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-0968	2014-07-22 17:33	2014-06-24	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
3661	6.1	MEDIUM Network	vmware	spring_framework	Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape() may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting (XSS) vulnerability. Af…	CWE-79 Cross-site Scripting	CVE-2026-41845	2026-06-12 01:12	2026-06-9	Show	GitHub Exploit DB Packet Storm

3662	6.1	MEDIUM Network	vmware	spring_framework	Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting…	CWE-79 Cross-site Scripting	CVE-2026-41846	2026-06-12 01:10	2026-06-9	Show	GitHub Exploit DB Packet Storm

3663	5.3	MEDIUM Network	vmware	spring_framework	Spring WebFlux applications may be vulnerable to a security bypass when using the Kotlin Router DSL. Affected versions: Spring Framework 5.3.0 through 5.3.48.	CWE-284 NVD-CWE-noinfo Improper Access Control	CVE-2026-41847	2026-06-12 01:08	2026-06-9	Show	GitHub Exploit DB Packet Storm

3664	7.8	HIGH Local	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.	CWE-416 Use After Free	CVE-2026-42986	2026-06-12 01:02	2026-06-10	Show	GitHub Exploit DB Packet Storm

3665	8.1	HIGH Network	microsoft	windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022 windows_server_2025	Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.	CWE-416 Use After Free	CVE-2026-42987	2026-06-12 00:46	2026-06-10	Show	GitHub Exploit DB Packet Storm

3666	7.5	HIGH Network	vmware	spring_framework	Applications may be vulnerable to a Regular Expression Denial of Service (ReDoS) attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the followi…	CWE-1333 Inefficient Regular Expression Complexity	CVE-2026-41848	2026-06-12 00:45	2026-06-9	Show	GitHub Exploit DB Packet Storm

3667	7.8	HIGH Local	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.	CWE-59 Link Following	CVE-2026-42989	2026-06-12 00:45	2026-06-10	Show	GitHub Exploit DB Packet Storm

3668	7.8	HIGH Local	microsoft	windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2019 windows_server_2022 windows_server_2025	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.	CWE-362 CWE-416 Race Condition Use After Free	CVE-2026-42991	2026-06-12 00:43	2026-06-10	Show	GitHub Exploit DB Packet Storm

3669	5.3	MEDIUM Network	vmware	spring_framework	A vulnerability in Spring Expression Language (SpEL) evaluation logic allows for arbitrary zero-argument method invocation, even within restricted or read-only contexts, which may allow an attacker t…	CWE-863 Incorrect Authorization	CVE-2026-41852	2026-06-12 00:43	2026-06-9	Show	GitHub Exploit DB Packet Storm

3670	8.4	HIGH Local	microsoft	365_apps microsoft_365 office_2019 office_2021 office_2024 sharepoint_server word	Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally.	CWE-416 Use After Free	CVE-2026-45458	2026-06-12 00:37	2026-06-10	Show	GitHub Exploit DB Packet Storm