Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 28, 2026, noon

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
260921	9.3	危険	マイクロソフト	-	Microsoft Windows の Web Services on Devices API (WSDAPI) における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2512	2010-01-4 15:23	2009-11-10	Show	GitHub Exploit DB Packet Storm

260922	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2722	2010-01-4 14:56	2009-08-10	Show	GitHub Exploit DB Packet Storm

260923	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2723	2010-01-4 14:55	2009-08-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 28, 2026, 4:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1451	9.0	CRITICAL Network	-	-	In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, l…	CWE-287 CWE-330 CWE-340 Improper Authentication Use of Insufficiently Random Values Generation of Predictable Numbers or Identifiers	CVE-2026-11374	2026-06-25 02:16	2026-06-23	Show	GitHub Exploit DB Packet Storm

1452	5.9	MEDIUM Network	-	-	IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted reques…	CWE-476 NULL Pointer Dereference	CVE-2026-10852	2026-06-25 02:16	2026-06-23	Show	GitHub Exploit DB Packet Storm

1453	5.4	MEDIUM Network	-	-	The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: (1) ca…	CWE-22 Path Traversal	CVE-2026-10601	2026-06-25 02:16	2026-06-22	Show	GitHub Exploit DB Packet Storm

1454	5.4	MEDIUM Network	eclipse	open_vsx	Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy o…	CWE-79 Cross-site Scripting	CVE-2026-4983	2026-06-25 01:55	2026-06-23	Show	GitHub Exploit DB Packet Storm

1455	5.3	MEDIUM Network	vllm	vllm	vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitize_message helper that strips object-repr memory add…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-54236	2026-06-25 01:53	2026-06-23	Show	GitHub Exploit DB Packet Storm

1456	6.5	MEDIUM Network	vllm	vllm	vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN…	CWE-1287 Improper Validation of Specified Type of Input	CVE-2026-54235	2026-06-25 01:53	2026-06-23	Show	GitHub Exploit DB Packet Storm

1457	6.5	MEDIUM Network	vllm	vllm	vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB…	CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)	CVE-2026-54233	2026-06-25 01:52	2026-06-23	Show	GitHub Exploit DB Packet Storm

1458	8.8	HIGH Network	vllm	vllm	vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package.…	CWE-427 Uncontrolled Search Path Element	CVE-2026-54232	2026-06-25 01:51	2026-06-23	Show	GitHub Exploit DB Packet Storm

1459	7.5	HIGH Network	vllm	vllm	vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (csrc/quantization/gguf…	CWE-200 CWE-681 Information Exposure Incorrect Conversion between Numeric Types	CVE-2026-53923	2026-06-25 01:51	2026-06-23	Show	GitHub Exploit DB Packet Storm

1460	9.1	CRITICAL Network	vllm	vllm	vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentica…	CWE-444 HTTP Request Smuggling	CVE-2026-48746	2026-06-25 01:49	2026-06-23	Show	GitHub Exploit DB Packet Storm