Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 27, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
260781 4.6 警告 サイバートラスト株式会社
Todd C. Miller		 - sudo の Perl スクリプト実行時における権限昇格の脆弱性 - CVE-2005-4158 2010-02-15 11:03 2005-11-8 Show GitHub Exploit DB Packet Storm
260782 1 注意 オラクル - Oracle Database および Oracle Application Server の Unzip コンポーネントにおける脆弱性 CWE-noinfo
情報不足 		CVE-2009-3412 2010-02-12 12:22 2010-01-12 Show GitHub Exploit DB Packet Storm
260783 3.2 注意 オラクル - Oracle Database の Oracle Spatial コンポーネントにおける脆弱性 CWE-noinfo
情報不足 		CVE-2009-3413 2010-02-12 12:22 2010-01-12 Show GitHub Exploit DB Packet Storm
260784 3.6 注意 オラクル - Oracle Database の RDBMS コンポーネントにおける脆弱性 CWE-noinfo
情報不足 		CVE-2009-3410 2010-02-12 12:21 2010-01-12 Show GitHub Exploit DB Packet Storm
260785 4 警告 オラクル - Oracle Database の Logical Standby コンポーネントにおける脆弱性 CWE-noinfo
情報不足 		CVE-2009-1996 2010-02-12 12:21 2010-01-12 Show GitHub Exploit DB Packet Storm
260786 4.9 警告 オラクル - Oracle Database の Oracle Spatial コンポーネントにおける脆弱性 CWE-noinfo
情報不足 		CVE-2009-3414 2010-02-12 12:21 2010-01-12 Show GitHub Exploit DB Packet Storm
260787 4.9 警告 オラクル - Oracle Database の Oracle Data Pump コンポーネントにおける脆弱性 CWE-noinfo
情報不足 		CVE-2009-3411 2010-02-12 12:21 2010-01-12 Show GitHub Exploit DB Packet Storm
260788 6 警告 オラクル - Oracle Database の Application Express Application Builder コンポーネントにおける脆弱性 CWE-noinfo
情報不足 		CVE-2010-0076 2010-02-12 12:21 2010-01-12 Show GitHub Exploit DB Packet Storm
260789 9 危険 オラクル - Oracle Database の Oracle OLAP コンポーネントにおける脆弱性 CWE-noinfo
情報不足 		CVE-2009-3415 2010-02-12 12:20 2010-01-12 Show GitHub Exploit DB Packet Storm
260790 10 危険 オラクル - Oracle Database の Listener コンポーネントにおける脆弱性 CWE-noinfo
情報不足 		CVE-2010-0071 2010-02-12 12:20 2010-01-12 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 27, 2026, 4:35 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1611 5.5 MEDIUM
Local 		- - NanoClaw before 2.1.17 contains a privilege escalation vulnerability in the create_agent delivery-action handler that performs privileged central-database writes without host-side authorization check… CWE-602
 Client-Side Enforcement of Server-Side Security 		CVE-2026-56693 2026-06-24 02:58 2026-06-24 Show GitHub Exploit DB Packet Storm
1612 5.4 MEDIUM
Network 		- - OpenHarness /issue and /pr_comments slash commands lack remote_invocable=False protection, allowing remote channel senders to write attacker-controlled Markdown into project context files. Admitted r… CWE-862
 Missing Authorization 		CVE-2026-56696 2026-06-24 02:58 2026-06-24 Show GitHub Exploit DB Packet Storm
1613 5.9 MEDIUM
Network 		- - Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, in certain configurations, traffic expected to be protected by TLS on the hop to the proxy is transmitted in cleartext. Proxy authentication … CWE-311
CWE-319
CWE-636
Missing Encryption of Sensitive Data
Cleartext Transmission of Sensitive Information
 Not Failing Securely ('Failing Open') 		CVE-2026-55568 2026-06-24 02:57 2026-06-24 Show GitHub Exploit DB Packet Storm
1614 4.8 MEDIUM
Network 		- - guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Prior to 2.12.1, guzzlehttp/psr7 did not reject CR/LF characters in certain first-party HTTP start-line fields: the request meth… CWE-93
CWE-113
CRLF Injection
HTTP Response Splitting 		CVE-2026-55766 2026-06-24 02:57 2026-06-24 Show GitHub Exploit DB Packet Storm
1615 6.1 MEDIUM
Network 		flowiseai flowise Flowise before 3.0.8 contains a cross-site scripting (XSS) vulnerability caused by insufficient input filtering in chat messages and custom agent functions. An attacker can inject malicious JavaScrip… CWE-80
Basic XSS 		CVE-2025-71331 2026-06-24 02:53 2026-06-21 Show GitHub Exploit DB Packet Storm
1616 8.2 HIGH
Network 		messagepack messagepack MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4… CWE-20
 Improper Input Validation  		CVE-2026-48109 2026-06-24 02:25 2026-06-23 Show GitHub Exploit DB Packet Storm
1617 7.5 HIGH
Network 		messagepack messagepack MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.ReadDateTime() can allocate stack memory based on an attacker-controlled MessagePack extension len… CWE-125
CWE-190
CWE-407
CWE-409
CWE-470
CWE-502
CWE-674
CWE-789
CWE-1188
Out-of-bounds Read
 Integer Overflow or Wraparound
 Inefficient Algorithmic Complexity
 Improper Handling of Highly Compressed Data (Data Amplification)
Unsafe Reflection
 Deserialization of Untrusted Data
 Uncontrolled Recursion
 Memory Allocation with Excessive Size Value
 Insecure Default Initialization of Resource 		CVE-2026-48502 2026-06-24 02:25 2026-06-23 Show GitHub Exploit DB Packet Storm
1618 7.5 HIGH
Network 		messagepack messagepack MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip() recursively descends into nested arrays and maps without incrementing the reader depth o… CWE-674
 Uncontrolled Recursion 		CVE-2026-48506 2026-06-24 02:24 2026-06-23 Show GitHub Exploit DB Packet Storm
1619 8.1 HIGH
Network 		- - piscina is a node.js worker pool implementation. Prior to 6.0.0-rc.2, 5.2.0, and 4.9.3, piscina's constructor and run() paths read the filename option via plain member access. Both reads fall through… CWE-94
CWE-1321
Code Injection
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2026-55388 2026-06-24 02:17 2026-06-23 Show GitHub Exploit DB Packet Storm
1620 6.1 MEDIUM
Network 		astro astro Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolate… CWE-79
Cross-site Scripting 		CVE-2026-54298 2026-06-24 02:17 2026-06-23 Show GitHub Exploit DB Packet Storm