Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 26, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
223671 10 危険 PaperThin - PaperThin CommonSpot における不特定の操作を実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2014-2866 2014-04-21 19:01 2014-04-14 Show GitHub Exploit DB Packet Storm
223672 7.5 危険 PaperThin - PaperThin CommonSpot におけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2014-2865 2014-04-21 19:01 2014-04-14 Show GitHub Exploit DB Packet Storm
223673 10 危険 PaperThin - PaperThin CommonSpot におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2014-2864 2014-04-21 19:01 2014-04-14 Show GitHub Exploit DB Packet Storm
223674 10 危険 PaperThin - PaperThin CommonSpot における絶対パストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2014-2863 2014-04-21 19:01 2014-04-14 Show GitHub Exploit DB Packet Storm
223675 5 警告 PaperThin - PaperThin CommonSpot のデフォルト設定における重要な情報を取得される脆弱性 CWE-255
証明書・パスワード管理 		CVE-2014-2870 2014-04-21 19:01 2014-04-14 Show GitHub Exploit DB Packet Storm
223676 5 警告 PaperThin - PaperThin CommonSpot における重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2014-2869 2014-04-21 19:01 2014-04-14 Show GitHub Exploit DB Packet Storm
223677 7.5 危険 PaperThin - PaperThin CommonSpot における ColdFusion コードの実行フローを変更される脆弱性脆弱性 CWE-Other
その他 		CVE-2014-2868 2014-04-21 19:01 2014-04-14 Show GitHub Exploit DB Packet Storm
223678 10 危険 PaperThin - PaperThin CommonSpot における任意のコードを実行される脆弱性脆弱性 CWE-Other
その他 		CVE-2014-2867 2014-04-21 19:01 2014-04-14 Show GitHub Exploit DB Packet Storm
223679 10 危険 PaperThin - PaperThin CommonSpot における任意のコードを実行される脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2014-2874 2014-04-21 19:01 2014-04-14 Show GitHub Exploit DB Packet Storm
223680 5 警告 PaperThin - PaperThin CommonSpot における重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2014-2873 2014-04-21 19:01 2014-04-14 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 27, 2026, 4:35 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1611 5.5 MEDIUM
Local 		- - NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization check… New CWE-602
 Client-Side Enforcement of Server-Side Security 		CVE-2026-56693 2026-06-24 02:58 2026-06-24 Show GitHub Exploit DB Packet Storm
1612 5.4 MEDIUM
Network 		- - OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted r… New CWE-862
 Missing Authorization 		CVE-2026-56696 2026-06-24 02:58 2026-06-24 Show GitHub Exploit DB Packet Storm
1613 5.9 MEDIUM
Network 		- - Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication … New CWE-311
CWE-319
CWE-636
Missing Encryption of Sensitive Data
Cleartext Transmission of Sensitive Information
 Not Failing Securely ('Failing Open') 		CVE-2026-55568 2026-06-24 02:57 2026-06-24 Show GitHub Exploit DB Packet Storm
1614 4.8 MEDIUM
Network 		- - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request meth… New CWE-93
CWE-113
CRLF Injection
HTTP Response Splitting 		CVE-2026-55766 2026-06-24 02:57 2026-06-24 Show GitHub Exploit DB Packet Storm
1615 6.1 MEDIUM
Network 		flowiseai flowise Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScrip… New CWE-80
Basic XSS 		CVE-2025-71331 2026-06-24 02:53 2026-06-21 Show GitHub Exploit DB Packet Storm
1616 8.2 HIGH
Network 		messagepack messagepack MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4… New CWE-20
 Improper Input Validation  		CVE-2026-48109 2026-06-24 02:25 2026-06-23 Show GitHub Exploit DB Packet Storm
1617 7.5 HIGH
Network 		messagepack messagepack MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can allocate stack memory based on an attacker-controlled MessagePack extension len… New CWE-125
CWE-190
CWE-407
CWE-409
CWE-470
CWE-502
CWE-674
CWE-789
CWE-1188
Out-of-bounds Read
 Integer Overflow or Wraparound
 Inefficient Algorithmic Complexity
 Improper Handling of Highly Compressed Data (Data Amplification)
Unsafe Reflection
 Deserialization of Untrusted Data
 Uncontrolled Recursion
 Memory Allocation with Excessive Size Value
 Insecure Default Initialization of Resource 		CVE-2026-48502 2026-06-24 02:25 2026-06-23 Show GitHub Exploit DB Packet Storm
1618 7.5 HIGH
Network 		messagepack messagepack MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip() recursively descends into nested arrays and maps without incrementing the reader depth o… New CWE-674
 Uncontrolled Recursion 		CVE-2026-48506 2026-06-24 02:24 2026-06-23 Show GitHub Exploit DB Packet Storm
1619 8.1 HIGH
Network 		- - piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename option via plain member access. Both reads fall through… New CWE-94
CWE-1321
Code Injection
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2026-55388 2026-06-24 02:17 2026-06-23 Show GitHub Exploit DB Packet Storm
1620 6.1 MEDIUM
Network 		astro astro Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolate… New CWE-79
Cross-site Scripting 		CVE-2026-54298 2026-06-24 02:17 2026-06-23 Show GitHub Exploit DB Packet Storm