Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
261321	5	警告	サン・マイクロシステムズ	-	Sun Solaris の sshd におけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2009-4075	2010-01-15 14:09	2009-11-23	Show	GitHub Exploit DB Packet Storm

261322	2.6	注意	オラクル	-	Oracle Application Server におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	-	2010-01-14 15:01	2010-01-14	Show	GitHub Exploit DB Packet Storm

261323	9.3	危険	マイクロソフト	-	Microsoft Internet Explorer に脆弱性	CWE-94 コード・インジェクション	CVE-2009-3672	2010-01-14 12:08	2009-11-25	Show	GitHub Exploit DB Packet Storm

261324	9.3	危険	サン・マイクロシステムズ VMware	-	Sun Java SE の java.lang パッケージにおける脆弱性	CWE-362 競合状態	CVE-2009-2724	2010-01-14 12:08	2009-08-10	Show	GitHub Exploit DB Packet Storm

261325	10	危険	サン・マイクロシステムズ VMware	-	Sun Java SE の Provider クラスにおける脆弱性	CWE-noinfo 情報不足	CVE-2009-2721	2010-01-14 12:08	2009-08-10	Show	GitHub Exploit DB Packet Storm

261326	5	警告	有限会社シースリー	-	WebCalenderC3 におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-0348	2010-01-12 15:01	2010-01-12	Show	GitHub Exploit DB Packet Storm

261327	4.3	警告	有限会社シースリー	-	WebCalenderC3 におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-0349	2010-01-12 15:00	2010-01-12	Show	GitHub Exploit DB Packet Storm

261328	10	危険	サイバートラスト株式会社 XEmacs	-	XEmacs の glyphs-eimage.c における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2009-2688	2010-01-12 14:48	2009-08-5	Show	GitHub Exploit DB Packet Storm

261329	6.8	警告	IBM	-	IBM WebSphere Application Server (WAS) におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2009-2746	2010-01-12 14:48	2009-11-13	Show	GitHub Exploit DB Packet Storm

261330	5	警告	アップル	-	Apple Safari におけるローカル HTML ファイルを読まれる脆弱性	CWE-Other その他	CVE-2009-2842	2010-01-7 12:09	2009-11-11	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 30, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
811	8.8	HIGH Network	jenkins	official_owasp_zap	Jenkins OWASP ZAP Plugin 1.0.7 and earlier performs build operations on the Jenkins controller rather than the assigned agent, allowing attackers with Item/Configure permission to execute arbitrary c… New	CWE-610 Externally Controlled Reference to a Resource in Another Sphere	CVE-2026-57301	2026-06-27 04:06	2026-06-24	Show	GitHub Exploit DB Packet Storm

812	4.3	MEDIUM Network	jenkins	fitnesse	Jenkins FitNesse Plugin 1.36 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Extended Read permission or access to t… New	CWE-256 Plaintext Storage of a Password	CVE-2026-57302	2026-06-27 04:05	2026-06-24	Show	GitHub Exploit DB Packet Storm

813	4.2	MEDIUM Network	jenkins	zowe_zdevops	A cross-site request forgery (CSRF) vulnerability in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified… New	CWE-352 Origin Validation Error	CVE-2026-57306	2026-06-27 04:05	2026-06-24	Show	GitHub Exploit DB Packet Storm

814	4.2	MEDIUM Network	jenkins	zowe_zdevops	A missing permission check in Jenkins Zowe zDevOps Plugin 1.1.3.50.ve350c9b_450b_1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-spe… New	CWE-862 Missing Authorization	CVE-2026-57307	2026-06-27 04:05	2026-06-24	Show	GitHub Exploit DB Packet Storm

815	7.5	HIGH Network	shell-quote_project	shell-quote	shell-quote prior to 1.8.5 finalizes parsed tokens in parse() using Array.prototype.concat as a reduce accumulator, which reallocates and copies the entire growing array on every iteration. As a resu… New	CWE-407 Inefficient Algorithmic Complexity	CVE-2026-13311	2026-06-27 04:03	2026-06-25	Show	GitHub Exploit DB Packet Storm

816	2.6	LOW Network	nokogiri	nokogiri	Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-… New	CWE-178 CWE-184 CWE-611 Improper Handling of Case Sensitivity Incomplete Blacklist XXE	CVE-2026-57234	2026-06-27 04:03	2026-06-26	Show	GitHub Exploit DB Packet Storm

817	8.1	HIGH Network	librechat	librechat	LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user (or attacker with a stolen… New	CWE-306 Missing Authentication for Critical Function	CVE-2026-54036	2026-06-27 04:02	2026-06-26	Show	GitHub Exploit DB Packet Storm

818	8.8	HIGH Network	dokku	dokku	Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filen… New	CWE-95 Eval Injection	CVE-2026-45406	2026-06-27 04:01	2026-06-27	Show	GitHub Exploit DB Packet Storm

819	5.5	MEDIUM Local	freebsd	freebsd	When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The … New	CWE-269 Improper Privilege Management	CVE-2026-45256	2026-06-27 03:58	2026-06-27	Show	GitHub Exploit DB Packet Storm

820	7.5	HIGH Network	apache	apache-airflow-providers-ftp	The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was tran… New	CWE-319 Cleartext Transmission of Sensitive Information	CVE-2026-49486	2026-06-27 03:58	2026-06-26	Show	GitHub Exploit DB Packet Storm