Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3471	9.8	緊急 Network	Thingino	Thingino Firmware	ThinginoのThingino FirmwareにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2026-26213	2026-06-5 10:52	2026-03-26	Show	GitHub Exploit DB Packet Storm

3472	7.5	重要 Network	MessagePack	MessagePack	shamatonのMessagePackにおける境界外読み取りに関する脆弱性	CWE-125 境界外読み取り	CVE-2026-32284	2026-06-5 10:52	2026-03-26	Show	GitHub Exploit DB Packet Storm

3473	7.5	重要 Network	pgproto3 project	pgproto3	Jackcのpgproto3における配列インデックスの検証に関する脆弱性	CWE-129 配列インデックスの不適切な検証	CVE-2026-32286	2026-06-5 10:52	2026-03-26	Show	GitHub Exploit DB Packet Storm

3474	7.5	重要 Network	HKUDS	DeepCode	HKUDSのDeepCodeにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-32847	2026-06-5 10:51	2026-05-28	Show	GitHub Exploit DB Packet Storm

3475	5.3	警告 Network	storage project	storage	NhostのStorageにおける複数の脆弱性	CWE-343 CWE-345	CVE-2026-33221	2026-06-5 10:51	2026-03-20	Show	GitHub Exploit DB Packet Storm

3476	9.8	緊急 Network	Datadog	dd-trace-java	Datadogのdd-trace-javaにおける信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-33728	2026-06-5 10:51	2026-03-27	Show	GitHub Exploit DB Packet Storm

3477	6.1	警告 Network	Carnegie Mellon University (Project Cyrus)	cveClient	Carnegie Mellon University (Project Cyrus)のcveClientにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-35466	2026-06-5 10:51	2026-04-2	Show	GitHub Exploit DB Packet Storm

3478	7.5	重要 Network	Carnegie Mellon University (Project Cyrus)	cveClient	Carnegie Mellon University (Project Cyrus)のcveClientにおける認証情報の不十分な保護に関する脆弱性	CWE-522 認証情報の不十分な保護	CVE-2026-35467	2026-06-5 10:51	2026-04-2	Show	GitHub Exploit DB Packet Storm

3479	7.5	重要 Network	Mosaic5G	Flexric	Mosaic5GのFlexricにおけるNULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2026-37226	2026-06-5 10:51	2026-06-1	Show	GitHub Exploit DB Packet Storm

3480	7.5	重要 Network	Mosaic5G	Flexric	Mosaic5GのFlexricにおける到達可能なアサーションに関する脆弱性	CWE-617 到達可能なアサーション	CVE-2026-37228	2026-06-5 10:51	2026-06-1	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
421	7.6	HIGH Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI patched SVG XSS in user profile images and webhook profile images but for… New	CWE-79 CWE-116 CWE-693 Cross-site Scripting Improper Encoding or Escaping of Output Protection Mechanism Failure	CVE-2026-54013	2026-06-27 05:17	2026-06-24	Show	GitHub Exploit DB Packet Storm

422	6.5	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, the chat message listener allows non-same-origin input:prompt and action:submit mess… New	CWE-346 Origin Validation Error	CVE-2026-54007	2026-06-27 05:17	2026-06-24	Show	GitHub Exploit DB Packet Storm

423	-		-	-	In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pci_name() for debugfs directory naming Use pci_name(pdev) for the per-device debugfs directory instead of hardcod… New	-	CVE-2026-53324	2026-06-27 05:17	2026-06-27	Show	GitHub Exploit DB Packet Storm

424	-		-	-	In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops DSA replaces the conduit (master) device's ethtool_ops with… New	-	CVE-2026-53323	2026-06-27 05:17	2026-06-27	Show	GitHub Exploit DB Packet Storm

425	-		-	-	In the Linux kernel, the following vulnerability has been resolved: io_uring/napi: cap busy_poll_to 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no… New	-	CVE-2026-53321	2026-06-27 05:17	2026-06-27	Show	GitHub Exploit DB Packet Storm

426	-		-	-	In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty() nilfs_ioctl_mark_blocks_dirty() uses bd_oblocknr to detect dea… New	-	CVE-2026-53320	2026-06-27 05:17	2026-06-27	Show	GitHub Exploit DB Packet Storm

427	-		-	-	In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default() wbt_init_enable_default() uses WARN_ON_ONCE to check for failures fro… New	-	CVE-2026-53319	2026-06-27 05:17	2026-06-27	Show	GitHub Exploit DB Packet Storm

428	-		-	-	In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr() Move the NULL check for 'sta' before dereferencing… New	-	CVE-2026-53318	2026-06-27 05:17	2026-06-27	Show	GitHub Exploit DB Packet Storm

429	-		-	-	In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: Place upper limit on station AID Any station configured with an AID over 20 causes a firmware crash. This sit… New	-	CVE-2026-53317	2026-06-27 05:17	2026-06-27	Show	GitHub Exploit DB Packet Storm

430	-		-	-	In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in ras_core_ras_interrupt_detected() Fixes a NULL pointer dereference when ras_core is NULL and ras_c… New	-	CVE-2026-53316	2026-06-27 05:17	2026-06-27	Show	GitHub Exploit DB Packet Storm