Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 8, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
235341 9.3 危険 シスコシステムズ - Cisco WebEx Recording Format Player におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2012-3938 2012-10-29 11:44 2012-10-10 Show GitHub Exploit DB Packet Storm
235342 9.3 危険 シスコシステムズ - Cisco WebEx Recording Format Player におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2012-3937 2012-10-29 11:39 2012-10-10 Show GitHub Exploit DB Packet Storm
235343 9.3 危険 シスコシステムズ - Cisco WebEx Recording Format Player におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2012-3936 2012-10-29 11:38 2012-10-10 Show GitHub Exploit DB Packet Storm
235344 2.1 注意 マイクロソフト
シマンテック
IBM
オラクル		 - Oracle Fusion Middleware の Oracle Outside In Technology における脆弱性 CWE-noinfo
情報不足 		CVE-2012-3108 2012-10-26 16:14 2012-07-17 Show GitHub Exploit DB Packet Storm
235345 5.8 警告 Eduserv - Java 用 Eduserv OpenAthens におけるメッセージを偽造される脆弱性 CWE-287
不適切な認証 		CVE-2012-5353 2012-10-26 15:25 2012-10-9 Show GitHub Exploit DB Packet Storm
235346 4.3 警告 シマンテック - Symantec Messaging Gateway におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-0307 2012-10-26 14:37 2012-08-27 Show GitHub Exploit DB Packet Storm
235347 4.6 警告 (複数のベンダ) - 複数の DomainKeys Identified Mail (DKIM) 実装に問題 - - 2012-10-26 12:22 2012-10-25 Show GitHub Exploit DB Packet Storm
235348 4.3 警告 Come on Girls Interface - 東京BBS におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-4019 2012-10-26 12:00 2012-10-26 Show GitHub Exploit DB Packet Storm
235349 4.3 警告 マイクロソフト - Microsoft Office 2007 の Excel 2007 および Microsoft Excel Viewer におけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2012-5672 2012-10-26 10:55 2012-10-25 Show GitHub Exploit DB Packet Storm
235350 10 危険 Apache Software Foundation - Apache Open For Business Project における脆弱性 CWE-noinfo
情報不足 		CVE-2012-3506 2012-10-26 10:34 2012-10-25 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 8, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2931 5.3 MEDIUM
Network 		gitlab gitlab GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an unauth… CWE-863
 Incorrect Authorization 		CVE-2026-6713 2026-05-28 05:46 2026-05-28 Show GitHub Exploit DB Packet Storm
2932 4.3 MEDIUM
Network 		gitlab gitlab GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.7 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that under certain conditions could have allowed an authen… CWE-706
 Use of Incorrectly-Resolved Name or Reference 		CVE-2026-8716 2026-05-28 05:45 2026-05-28 Show GitHub Exploit DB Packet Storm
2933 6.3 MEDIUM
Network 		- - FacturaScripts is an open source accounting and invoicing software. In 2025.81 and earlier, an authenticated unrestricted file upload vulnerability exists in FacturaScripts' product image upload func… CWE-94
CWE-434
Code Injection
 Unrestricted Upload of File with Dangerous Type  		CVE-2026-42879 2026-05-28 04:49 2026-05-28 Show GitHub Exploit DB Packet Storm
2934 - - - MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch (chat/api/o… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42335 2026-05-28 04:41 2026-05-27 Show GitHub Exploit DB Packet Storm
2935 - - - MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch functionality due to inconsi… CWE-367
CWE-918
 Time-of-check Time-of-use (TOCTOU) Race Condition
Server-Side Request Forgery (SSRF)  		CVE-2026-42336 2026-05-28 04:41 2026-05-27 Show GitHub Exploit DB Packet Storm
2936 - - - MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API (chat/api/oss/get_url). The en… CWE-862
 Missing Authorization 		CVE-2026-42337 2026-05-28 04:41 2026-05-27 Show GitHub Exploit DB Packet Storm
2937 7.5 HIGH
Network 		- - MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible without authentication. The WebhookAuth clas… CWE-287
CWE-306
Improper Authentication
Missing Authentication for Critical Function 		CVE-2026-44847 2026-05-28 04:41 2026-05-27 Show GitHub Exploit DB Packet Storm
2938 - - - MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, SSRF via work_flow_template Import. Authenticated users can supply arbitrary URLs in work_flow_template.downloadUrl which are fetc… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-45412 2026-05-28 04:41 2026-05-27 Show GitHub Exploit DB Packet Storm
2939 - - - MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.1, user passwords are stored using unsalted MD5 hashes, making them trivially crackable via rainbow tables or GPU-accelerated brute f… CWE-328
 Use of Weak Hash 		CVE-2026-45413 2026-05-28 04:41 2026-05-27 Show GitHub Exploit DB Packet Storm
2940 7.4 HIGH
Network 		- - epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.2, an attacker who can MITM the TLS connection between the client and the IDP (within the TI netwo… CWE-347
 Improper Verification of Cryptographic Signature 		CVE-2026-45575 2026-05-28 04:41 2026-05-27 Show GitHub Exploit DB Packet Storm