Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":July 1, 2026, 6 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
245491 4.3 警告 Nikola Posa - Webfolio CMS におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-1899 2012-09-19 16:29 2012-09-17 Show GitHub Exploit DB Packet Storm
245492 4.3 警告 Netwin Ltd - NetWin SurgeMail におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-2575 2012-09-19 16:25 2012-09-17 Show GitHub Exploit DB Packet Storm
245493 4.3 警告 Oxwall - Oxwall の ow_updates/index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-4928 2012-09-19 16:21 2012-09-15 Show GitHub Exploit DB Packet Storm
245494 7.5 危険 LimeSurvey - LimeSurvey における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2012-4927 2012-09-19 16:21 2012-02-24 Show GitHub Exploit DB Packet Storm
245495 6.4 警告 ImgPals - ImgPals Photo Host の approve.php における管理者のアクティベーションを変更される脆弱性 CWE-287
不適切な認証
CVE-2012-4926 2012-09-19 16:20 2012-09-15 Show GitHub Exploit DB Packet Storm
245496 7.5 危険 ImgPals - ImgPals Photo Host の approve.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2012-4925 2012-09-19 16:20 2012-09-15 Show GitHub Exploit DB Packet Storm
245497 9.3 危険 ASUSTeK Computer Inc. - ASUS Net4Switch 用 ipswcom.dll ActiveX コンポーネントにおけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー
CVE-2012-4924 2012-09-19 16:18 2012-09-15 Show GitHub Exploit DB Packet Storm
245498 4.3 警告 Endian - Endian Firewall におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-4923 2012-09-19 16:17 2012-09-15 Show GitHub Exploit DB Packet Storm
245499 4.3 警告 Mike Carr - Flogr の index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-4336 2012-09-19 16:17 2012-09-15 Show GitHub Exploit DB Packet Storm
245500 4.3 警告 Python Software Foundation - Beaker における重要なセッションデータの一部を取得される脆弱性 CWE-310
暗号の問題
CVE-2012-3458 2012-09-19 16:16 2012-09-15 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:July 1, 2026, 4:27 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1591 2.5 LOW
Local
cacti cacti Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update() can corrupt RRDtool metric value… CWE-474
 Use of Function with Inconsistent Implementations
CVE-2026-39894 2026-06-26 05:19 2026-06-25 Show GitHub Exploit DB Packet Storm
1592 7.6 HIGH
Network
- - Twenty is an open-source CRM (customer relationship management) platform. Prior to 2.9.0, Twenty was vulnerable to a cross-workspace insecure direct object reference (IDOR) in the AI agent monitor's … CWE-639
 Authorization Bypass Through User-Controlled Key
CVE-2026-55583 2026-06-26 05:18 2026-06-25 Show GitHub Exploit DB Packet Storm
1593 9.6 CRITICAL
Network
- - immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting (XSS) vulnerability on the /auth/login page allows a… CWE-79
CWE-601
Cross-site Scripting
Open Redirect
CVE-2026-53662 2026-06-26 05:18 2026-06-24 Show GitHub Exploit DB Packet Storm
1594 9.0 CRITICAL
Network
- - LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST… CWE-918
Server-Side Request Forgery (SSRF) 
CVE-2026-54157 2026-06-26 05:18 2026-06-24 Show GitHub Exploit DB Packet Storm
1595 - - - Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs incorrect byte length calculations resulting in heap … CWE-120
Classic Buffer Overflow
CVE-2026-54257 2026-06-26 05:18 2026-06-24 Show GitHub Exploit DB Packet Storm
1596 7.8 HIGH
Local
- - rtk filters and compresses command outputs before they reach your LLM context. Prior to 0.42.2, the permission splitter did not conservatively split or reject several shell constructs that Bash treat… CWE-863
 Incorrect Authorization
CVE-2026-54555 2026-06-26 05:18 2026-06-24 Show GitHub Exploit DB Packet Storm
1597 9.6 CRITICAL
Network
- - Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled `HTTP_HOST` request header as the authoritative source for buildin… CWE-20
CWE-601
 Improper Input Validation 
Open Redirect
CVE-2026-54588 2026-06-26 05:18 2026-06-24 Show GitHub Exploit DB Packet Storm
1598 6.9 MEDIUM
Network
- - Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection (Formula Injection) in its log export functionality. User-cont… CWE-1236
 Improper Neutralization of Formula Elements in a CSV File
CVE-2026-47693 2026-06-26 05:18 2026-06-24 Show GitHub Exploit DB Packet Storm
1599 8.8 HIGH
Local
- - Style Dictionary, a build system for creating cross-platform styles, has a prototype pollution vulnerability starting in version 4.3.0 and prior to version 5.4.4. Impact users have: direct usage of `… CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2026-54639 2026-06-26 05:18 2026-06-24 Show GitHub Exploit DB Packet Storm
1600 - - - OpenColorIO is a color management framework for visual effects and animation. Prior to version 2.5.2, `FileFormatSpi3D.cpp:163` uses `sscanf` with `%s` into 64-byte stack buffers when parsing LUT dat… CWE-120
Classic Buffer Overflow
CVE-2026-42450 2026-06-26 05:18 2026-06-24 Show GitHub Exploit DB Packet Storm