Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 28, 2026, 10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
251481	7.5	危険	CA Technologies	-	複数の CA 製品の BrightStor Backup Discovery Service におけるバッファオーバーフローの脆弱性	-	CVE-2006-6379	2012-06-26 15:38	2006-12-8	Show	GitHub Exploit DB Packet Storm

251482	7.5	危険	awrate	-	awrate の login.php.inc における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2006-6368	2012-06-26 15:38	2006-12-7	Show	GitHub Exploit DB Packet Storm

251483	7.5	危険	duware	-	DUware DUdownload の detail.asp における SQL インジェクションの脆弱性	-	CVE-2006-6367	2012-06-26 15:38	2006-12-7	Show	GitHub Exploit DB Packet Storm

251484	6.8	警告	Cerberus, LLC	-	Cerberus Helpdesk の includes/elements/spellcheck/spellwin.php におけるクロスサイトスクリプティングの脆弱性	-	CVE-2006-6366	2012-06-26 15:38	2006-12-7	Show	GitHub Exploit DB Packet Storm

251485	7.5	危険	duware	-	DUware DUpaypal の detail.asp における SQL インジェクションの脆弱性	-	CVE-2006-6365	2012-06-26 15:38	2006-12-7	Show	GitHub Exploit DB Packet Storm

251486	6.8	警告	bluesocket	-	BlueSocket Secure Controller (BSC) の admin.pl におけるクロスサイトスクリプティングの脆弱性	-	CVE-2006-6363	2012-06-26 15:38	2006-12-7	Show	GitHub Exploit DB Packet Storm

251487	10	危険	bitflux	-	Bitflux Upload Progress Meter の uploadprogress_php_rfc1867_file 関数におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2006-6361	2012-06-26 15:38	2006-12-7	Show	GitHub Exploit DB Packet Storm

251488	10	危険	duware	-	DuWare DuClassmate の default.asp における SQL インジェクションの脆弱性	-	CVE-2006-6355	2012-06-26 15:38	2006-12-6	Show	GitHub Exploit DB Packet Storm

251489	7.5	危険	duware	-	DuWare DuNews の detail.asp における SQL インジェクションの脆弱性	-	CVE-2006-6354	2012-06-26 15:38	2006-12-6	Show	GitHub Exploit DB Packet Storm

251490	5	警告	アップル	-	Mac OS X の BOMArchiveHelper におけるサービス運用妨害 (DoS) の脆弱性	-	CVE-2006-6353	2012-06-26 15:38	2006-12-6	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 28, 2026, 4:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1671	9.9	CRITICAL Network	-	-	deepstream is a server that allows clients and backend services to sync data, send messages and make rpcs at scale. Versions prior to 10.0.5 are vulnerable to Prototype Pollution. Exploitation can l…	CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	CVE-2026-49252	2026-06-24 00:59	2026-06-19	Show	GitHub Exploit DB Packet Storm

1672	9.1	CRITICAL Network	-	-	Relyra is a strict-by-default SAML 2.0 Service Provider library for Elixir and Phoenix. Versions 1.0.0 and 1.1.0 accept forged SAML signatures because SignatureValue was not cryptographically verifie…	CWE-287 CWE-347 Improper Authentication Improper Verification of Cryptographic Signature	CVE-2026-49454	2026-06-24 00:59	2026-06-19	Show	GitHub Exploit DB Packet Storm

1673	-		-	-	Line Desktop MCP is a project that, while unaffiliated with the official line-bot-mcp-server, allows users to directly operate the LINE Desktop application on Windows or Mac via MCP. `line-desktop-mc…	CWE-306 CWE-862 Missing Authentication for Critical Function Missing Authorization	CVE-2026-49357	2026-06-24 00:59	2026-06-19	Show	GitHub Exploit DB Packet Storm

1674	7.4	HIGH Network	-	-	Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the sam…	CWE-470 Unsafe Reflection	CVE-2026-49287	2026-06-24 00:59	2026-06-20	Show	GitHub Exploit DB Packet Storm

1675	8.1	HIGH Network	-	-	mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope for all requests, then dispatche…	CWE-862 Missing Authorization	CVE-2026-49291	2026-06-24 00:59	2026-06-20	Show	GitHub Exploit DB Packet Storm

1676	-		-	-	Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, Mercator's Query Engine (`/admin/queries/execute`) accepts a JSON DSL (`from` /…	CWE-359 Exposure of Private Personal Information to an Unauthorized Actor	CVE-2026-49344	2026-06-24 00:59	2026-06-20	Show	GitHub Exploit DB Packet Storm

1677	-		-	-	Mercator is an open source web application that enables mapping of the information system. Prior to version 2025.05.19, a Server-Side Request Forgery (SSRF) vulnerability exists in Mercator's CVE con…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-49345	2026-06-24 00:59	2026-06-20	Show	GitHub Exploit DB Packet Storm

1678	10.0	CRITICAL Network	-	-	ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the `PROXY UNKNOWN <addr> <addr> <port> <port>\r\n` PP1 frame …	CWE-348 CWE-863 Use of Less Trusted Source Incorrect Authorization	CVE-2026-48772	2026-06-24 00:57	2026-06-20	Show	GitHub Exploit DB Packet Storm

1679	7.5	HIGH Network	-	-	ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 3.0.0 through 3.0.8, ProxySQL's GenAI/MCP `run_sql_readonly` tool violates its documented read-only contract for MySQL …	CWE-20 Improper Input Validation	CVE-2026-48774	2026-06-24 00:57	2026-06-20	Show	GitHub Exploit DB Packet Storm

1680	3.7	LOW Network	-	-	Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parse_form() did not validate the Content-Length header before using it to bound its chunked read of the request body. A …	CWE-1284 Improper Validation of Specified Quantity in Input	CVE-2026-53540	2026-06-24 00:56	2026-06-23	Show	GitHub Exploit DB Packet Storm