Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":July 1, 2026, 2:01 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
223681 5.8 警告 Paul Mattes - x3270 における SSL サーバになりすまされる脆弱性 CWE-310
暗号の問題
CVE-2012-5662 2014-05-29 15:24 2012-12-20 Show GitHub Exploit DB Packet Storm
223682 7.5 危険 D-Link Systems, Inc. - D-Link DAP-1350 のファームウェアの管理用ログインページにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2014-3872 2014-05-29 15:23 2014-05-8 Show GitHub Exploit DB Packet Storm
223683 7.5 危険 Geodesic Solutions - Geodesic Solutions GeoCore MAX の register.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2014-3871 2014-05-29 15:22 2014-04-25 Show GitHub Exploit DB Packet Storm
223684 3.5 注意 Mayan EDMS - Mayan EDMS の apps/common/templates/calculate_form_title.html におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2014-3840 2014-05-29 15:21 2014-05-23 Show GitHub Exploit DB Packet Storm
223685 6.4 警告 GLPI-PROJECT.ORG - GLPI の inc/ticket.class.php における任意の PHP オブジェクトをアンシリアライズ化される脆弱性 CWE-Other
その他
CVE-2013-2225 2014-05-29 14:45 2013-06-23 Show GitHub Exploit DB Packet Storm
223686 4.3 警告 Richard W.M. Jones - libguestfs の inspect-fs.c におけるメモリ二重解放の脆弱性 CWE-Other
その他
CVE-2013-2124 2014-05-29 14:37 2013-01-24 Show GitHub Exploit DB Packet Storm
223687 5 警告 MantisBT Group - Mantis Bug Tracker におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認
CVE-2013-1883 2014-05-29 14:07 2013-04-11 Show GitHub Exploit DB Packet Storm
223688 5 警告 Timo Sirainen - Dovecot の IMAP 機能におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認
CVE-2013-2111 2014-05-29 14:00 2013-05-20 Show GitHub Exploit DB Packet Storm
223689 7.5 危険 Square - Square Squash における任意のコードを実行される脆弱性 CWE-94
コード・インジェクション
CVE-2013-5036 2014-05-29 13:49 2013-06-25 Show GitHub Exploit DB Packet Storm
223690 9.3 危険 Michael Uplawski - Ruby 用 Creme Fraiche gem の lib/cremefraiche.rb における任意のコマンドを実行される脆弱性 CWE-78
OSコマンド・インジェクション
CVE-2013-2090 2014-05-29 13:41 2013-05-14 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:July 1, 2026, 4:27 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1181 4.3 MEDIUM
Network
jenkins fitnesse Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to t… CWE-256
Plaintext Storage of a Password 
CVE-2026-57302 2026-06-27 04:05 2026-06-24 Show GitHub Exploit DB Packet Storm
1182 4.2 MEDIUM
Network
jenkins zowe_zdevops A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified… CWE-352
 Origin Validation Error
CVE-2026-57306 2026-06-27 04:05 2026-06-24 Show GitHub Exploit DB Packet Storm
1183 4.2 MEDIUM
Network
jenkins zowe_zdevops A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-spe… CWE-862
 Missing Authorization
CVE-2026-57307 2026-06-27 04:05 2026-06-24 Show GitHub Exploit DB Packet Storm
1184 7.5 HIGH
Network
shell-quote_project shell-quote shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a resu… CWE-407
 Inefficient Algorithmic Complexity
CVE-2026-13311 2026-06-27 04:03 2026-06-25 Show GitHub Exploit DB Packet Storm
1185 2.6 LOW
Network
nokogiri nokogiri Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-… CWE-178
CWE-184
CWE-611
 Improper Handling of Case Sensitivity
 Incomplete Blacklist
XXE
CVE-2026-57234 2026-06-27 04:03 2026-06-26 Show GitHub Exploit DB Packet Storm
1186 8.1 HIGH
Network
librechat librechat LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user (or attacker with a stolen… CWE-306
Missing Authentication for Critical Function
CVE-2026-54036 2026-06-27 04:02 2026-06-26 Show GitHub Exploit DB Packet Storm
1187 8.8 HIGH
Network
dokku dokku Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filen… CWE-95
Eval Injection
CVE-2026-45406 2026-06-27 04:01 2026-06-27 Show GitHub Exploit DB Packet Storm
1188 5.5 MEDIUM
Local
freebsd freebsd When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The … CWE-269
 Improper Privilege Management
CVE-2026-45256 2026-06-27 03:58 2026-06-27 Show GitHub Exploit DB Packet Storm
1189 7.5 HIGH
Network
apache apache-airflow-providers-ftp The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was tran… CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-49486 2026-06-27 03:58 2026-06-26 Show GitHub Exploit DB Packet Storm
1190 8.8 HIGH
Network
dokku dokku Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preve… CWE-59
Link Following
CVE-2026-45405 2026-06-27 03:56 2026-06-27 Show GitHub Exploit DB Packet Storm