Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 12, 2026, 10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2471	7.8	重要 Local	Nullsoft	Nullsoft Scriptable Install System	NullsoftのNullsoft Scriptable Install Systemにおける制御されていない検索パスの要素に関する脆弱性	CWE-427 制御されていない検索パスの要素	CVE-2026-42171	2026-05-20 13:30	2026-04-24	Show	GitHub Exploit DB Packet Storm

2472	4.3	警告 Network	getkirby	kirby	getkirbyのkirbyにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2026-42174	2026-05-20 13:30	2026-05-9	Show	GitHub Exploit DB Packet Storm

2473	7.5	重要 Network	OpenBao	OpenBao	OpenBaoにおける保存または転送前の重要な情報の削除に関する脆弱性	CWE-212 保存または転送前の重要な情報の不適切な削除	CVE-2026-42186	2026-05-20 13:30	2026-05-14	Show	GitHub Exploit DB Packet Storm

2474	7.5	重要 Network	Ruby-lang.org	Net::IMAP	Ruby-lang.orgのNet::IMAPにおけるアルゴリズムの複雑さに関する脆弱性	CWE-407 アルゴリズムの複雑性	CVE-2026-42245	2026-05-20 13:30	2026-05-9	Show	GitHub Exploit DB Packet Storm

2475	7.4	重要 Network	Ruby-lang.org	Net::IMAP	Ruby-lang.orgのNet::IMAPにおける複数の脆弱性	CWE-392 CWE-393 CWE-636 CWE-754 CWE-841	CVE-2026-42246	2026-05-20 13:30	2026-05-9	Show	GitHub Exploit DB Packet Storm

2476	9.8	緊急 Network	ollama	ollama	Ollamaにおけるダウンロードしたコードの完全性検証不備に関する脆弱性	CWE-494 ダウンロードしたコードの完全性検証不備	CVE-2026-42248	2026-05-20 13:30	2026-04-29	Show	GitHub Exploit DB Packet Storm

2477	9.8	緊急 Network	ollama	ollama	Ollamaにおける複数の脆弱性	CWE-22 CWE-494	CVE-2026-42249	2026-05-20 13:30	2026-04-29	Show	GitHub Exploit DB Packet Storm

2478	9.8	緊急 Network	Ruby-lang.org	Net::IMAP	Ruby-lang.orgのNet::IMAPにおける複数の脆弱性	CWE-77 CWE-93	CVE-2026-42257	2026-05-20 13:30	2026-05-9	Show	GitHub Exploit DB Packet Storm

2479	9.8	緊急 Network	Ruby-lang.org	Net::IMAP	Ruby-lang.orgのNet::IMAPにおける複数の脆弱性	CWE-77 CWE-93	CVE-2026-42258	2026-05-20 13:30	2026-05-9	Show	GitHub Exploit DB Packet Storm

2480	7.1	重要 Network	Quantum Nous	New API	Quantum NousのNew APIにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-42339	2026-05-20 13:30	2026-05-8	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 12, 2026, 4:20 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
3261	7.4	HIGH Network	pyjwt_project	pyjwt	PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate…	CWE-287 CWE-347 Improper Authentication Improper Verification of Cryptographic Signature	CVE-2026-48526	2026-06-2 02:45	2026-05-29	Show	GitHub Exploit DB Packet Storm

3262	5.3	MEDIUM Network	pyjwt_project	pyjwt	PyJWT is a JSON Web Token implementation in Python. From 2.8.0 to 2.12.1, when verifying detached JWS tokens using the unencoded-payload option ("b64": false, RFC 7797), PyJWT performs Base64URL deco…	CWE-400 Uncontrolled Resource Consumption	CVE-2026-48525	2026-06-2 02:45	2026-05-29	Show	GitHub Exploit DB Packet Storm

3263	3.7	LOW Network	pyjwt_project	pyjwt	PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.get_signing_key() forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no ra…	CWE-460 CWE-755 Improper Cleanup on Thrown Exception Improper Handling of Exceptional Conditions	CVE-2026-48524	2026-06-2 02:44	2026-05-29	Show	GitHub Exploit DB Packet Storm

3264	5.4	MEDIUM Network	pyjwt_project	pyjwt	PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode() or jwt.decode_complete() are called with a PyJWK key. …	CWE-347 Improper Verification of Cryptographic Signature	CVE-2026-48523	2026-06-2 02:44	2026-05-29	Show	GitHub Exploit DB Packet Storm

3265	8.8	HIGH Network	freerdp	freerdp	FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs.…	CWE-122 Heap-based Buffer Overflow	CVE-2026-44421	2026-06-2 02:35	2026-05-30	Show	GitHub Exploit DB Packet Storm

3266	5.4	MEDIUM Network	ibm	webmethods_integration_server	IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). Th…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2025-14290	2026-06-2 02:33	2026-05-27	Show	GitHub Exploit DB Packet Storm

3267	7.6	HIGH Network	ibm	cognos_analytics cognos_transformer	IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows…	CWE-79 Cross-site Scripting	CVE-2025-36126	2026-06-2 02:30	2026-05-27	Show	GitHub Exploit DB Packet Storm

3268	7.4	HIGH Network	miniorange	saml_sso_-_service_provider	Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal SAML SSO - Service Provider allows Privilege Escalation. This issue affects SAML SSO - Service Provider: from 0.0.0 befor…	CWE-754 Improper Check for Unusual or Exceptional Conditions	CVE-2026-5343	2026-06-2 02:29	2026-05-29	Show	GitHub Exploit DB Packet Storm

3269	8.8	HIGH Network	freerdp	freerdp	FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without track…	CWE-415 CWE-416 Double Free Use After Free	CVE-2026-44422	2026-06-2 02:26	2026-05-30	Show	GitHub Exploit DB Packet Storm

3270	5.3	MEDIUM Network	ibm	watsonx.data	IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions.	CWE-923 NVD-CWE-noinfo Improper Restriction of Communication Channel to Intended Endpoints	CVE-2025-36145	2026-06-2 02:24	2026-05-27	Show	GitHub Exploit DB Packet Storm