Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 27, 2026, 10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2911	8.8	重要 Network	日本エイサー	Acer Connect M6E 5G Firmware	エイサーのAcer Connect M6E 5G FirmwareにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2026-49190	2026-06-8 11:50	2026-06-4	Show	GitHub Exploit DB Packet Storm

2912	9.8	緊急 Network	日本エイサー	Acer Connect M6E 5G Firmware	エイサーのAcer Connect M6E 5G Firmwareにおける認証に関する脆弱性	CWE-287 不適切な認証	CVE-2026-49191	2026-06-8 11:50	2026-06-4	Show	GitHub Exploit DB Packet Storm

2913	5.4	警告 Network	日本エイサー	Acer Connect M6E 5G Firmware	エイサーのAcer Connect M6E 5G Firmwareにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-49192	2026-06-8 11:50	2026-06-4	Show	GitHub Exploit DB Packet Storm

2914	7.5	重要 Network	日本エイサー	Acer Connect M6E 5G Firmware	エイサーのAcer Connect M6E 5G Firmwareにおける情報漏えいに関する脆弱性	CWE-200 情報漏えい	CVE-2026-49193	2026-06-8 11:50	2026-06-4	Show	GitHub Exploit DB Packet Storm

2915	8.8	重要 Network	日本エイサー	Acer Connect M6E 5G Firmware	エイサーのAcer Connect M6E 5G Firmwareにおける認証に関する脆弱性	CWE-287 不適切な認証	CVE-2026-49194	2026-06-8 11:50	2026-06-4	Show	GitHub Exploit DB Packet Storm

2916	9.8	緊急 Network	日本エイサー	Predator Connect W6x Firmware	エイサーのPredator Connect W6x Firmwareにおけるコマンドインジェクションの脆弱性	CWE-77 コマンドインジェクション	CVE-2026-49199	2026-06-8 11:50	2026-05-29	Show	GitHub Exploit DB Packet Storm

2917	8.6	重要 Network	日本エイサー	Acer Connect M6E 5G Firmware	エイサーのAcer Connect M6E 5G Firmwareにおける認証に関する脆弱性	CWE-287 不適切な認証	CVE-2026-49202	2026-06-8 11:50	2026-06-4	Show	GitHub Exploit DB Packet Storm

2918	8.3	重要 Adjacent	日本エイサー	Acer Connect M6E 5G Firmware	エイサーのAcer Connect M6E 5G Firmwareにおける認証に関する脆弱性	CWE-287 不適切な認証	CVE-2026-49203	2026-06-8 11:50	2026-06-4	Show	GitHub Exploit DB Packet Storm

2919	6.5	警告 Network	日本エイサー	Acer Connect M6E 5G Firmware	エイサーのAcer Connect M6E 5G Firmwareにおけるハードコードされた認証情報の使用に関する脆弱性	CWE-798 ハードコードされた認証情報の使用	CVE-2026-49204	2026-06-8 11:50	2026-06-4	Show	GitHub Exploit DB Packet Storm

2920	8.2	重要 Network	日本エイサー	Acer Connect M6E 5G Firmware	エイサーのAcer Connect M6E 5G Firmwareにおけるログファイルからの情報漏えいに関する脆弱性	CWE-532 ログファイルからの情報漏えい	CVE-2026-50205	2026-06-8 11:50	2026-06-4	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 27, 2026, 4:35 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
701	7.7	HIGH Network	n8n	n8n	n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could pollute the sandbox used by the Merge node's … New	CWE-488 Exposure of Data Element to Wrong Session	CVE-2026-54311	2026-06-26 03:41	2026-06-24	Show	GitHub Exploit DB Packet Storm

702	9.9	CRITICAL Network	n8n	n8n	n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, an authenticated user with permission to create or modify workflows could supply a crafted parameters to the TimescaleD… New	CWE-89 SQL Injection	CVE-2026-54310	2026-06-26 03:41	2026-06-24	Show	GitHub Exploit DB Packet Storm

703	10.0	CRITICAL Network	n8n	n8n	n8n is an open source workflow automation platform. Prior to 2.25.7 and 2.26.2, when @n8n/mcp-browser is run in HTTP transport mode, the MCP endpoint accepts session initialization and tool invocatio… New	CWE-306 Missing Authentication for Critical Function	CVE-2026-54309	2026-06-26 03:40	2026-06-24	Show	GitHub Exploit DB Packet Storm

704	5.4	MEDIUM Network	n8n	n8n	n8n is an open source workflow automation platform. Prior to 2.24.0, an endpoint in the Meta and Microsoft Teams trigger nodes reflects a query parameter into the HTTP response without sanitization o… New	CWE-79 Cross-site Scripting	CVE-2026-54303	2026-06-26 03:39	2026-06-24	Show	GitHub Exploit DB Packet Storm

705	5.5	MEDIUM Local	nuxt	nuxt	Nuxt 4.0.0 before 4.4.7 and 3.18.0 before 3.21.7, when running the development server (nuxt dev) on Linux, binds the vite-node IPC server to an abstract-namespace Unix socket without permission restr… New	CWE-276 Incorrect Default Permissions	CVE-2026-56301	2026-06-26 03:39	2026-06-23	Show	GitHub Exploit DB Packet Storm

706	7.1	HIGH Network	flowiseai	flowise	Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-56275	2026-06-26 03:39	2026-06-23	Show	GitHub Exploit DB Packet Storm

707	9.9	CRITICAL Network	flowiseai	flowise	Flowise before 3.1.2 contains multiple OS command injection vulnerabilities in the Custom MCP Server feature due to incomplete command-flag validation and a regex bypass in local file access restrict… New	CWE-78 OS Command	CVE-2026-56274	2026-06-26 03:39	2026-06-23	Show	GitHub Exploit DB Packet Storm

708	6.1	MEDIUM Network	kidocode	crawl4ai	Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a… New	CWE-79 Cross-site Scripting	CVE-2026-56263	2026-06-26 03:39	2026-06-23	Show	GitHub Exploit DB Packet Storm

709	8.1	HIGH Network	kidocode	crawl4ai	Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlin… New	CWE-22 Path Traversal	CVE-2026-56258	2026-06-26 03:38	2026-06-23	Show	GitHub Exploit DB Packet Storm

710	8.3	HIGH Network	flowiseai	flowise	Flowise before 3.0.10 (affected versions 3.0.7 and earlier) contains an unverified email change vulnerability. An authenticated user can change the account email address, used as a login identifier a… New	CWE-620 Unverified Password Change	CVE-2025-71337	2026-06-26 03:38	2026-06-23	Show	GitHub Exploit DB Packet Storm