Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3641	6.5	警告 Network	The Go Project	Net	The Go ProjectのNetにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2026-25680	2026-06-3 17:05	2026-05-22	Show	GitHub Exploit DB Packet Storm

3642	6.1	警告 Network	The Go Project	Net	The Go ProjectのNetにおけるレンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限に関する脆弱性	CWE-1021 レンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限	CVE-2026-25681	2026-06-3 17:05	2026-05-22	Show	GitHub Exploit DB Packet Storm

3643	6.1	警告 Network	The Go Project	Net	The Go ProjectのNetにおけるレンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限に関する脆弱性	CWE-1021 レンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限	CVE-2026-27136	2026-06-3 17:05	2026-05-22	Show	GitHub Exploit DB Packet Storm

3644	9.8	緊急 Network	Linaro	Open Asymmetric Multi Processing (OpenAMP)	LinaroのOpen Asymmetric Multi Processing (OpenAMP)における整数オーバーフローの脆弱性	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2026-37540	2026-06-3 17:05	2026-05-1	Show	GitHub Exploit DB Packet Storm

3645	9.6	緊急 Network	The Go Project	Net	The Go ProjectのNetにおける安全でない等式による入力の不適切な検証に関する脆弱性	CWE-1289 安全でない等式による入力の不適切な検証	CVE-2026-39821	2026-06-3 17:05	2026-05-22	Show	GitHub Exploit DB Packet Storm

3646	7.5	重要 Network	マイクロソフト	Microsoft Planetary Computer Pro (GeoCatalog)	Microsoft Planetary Computer Pro の情報漏えいの脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-41104	2026-06-3 17:04	2026-05-22	Show	GitHub Exploit DB Packet Storm

3647	9.6	緊急 Network	charm	Wish	charmのWishにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-41589	2026-06-3 17:04	2026-05-7	Show	GitHub Exploit DB Packet Storm

3648	9.1	緊急 Network	i18next	i18next-http-backend	i18nextのi18next-http-backendにおける複数の脆弱性	CWE-22 CWE-74	CVE-2026-41691	2026-06-3 17:04	2026-05-7	Show	GitHub Exploit DB Packet Storm

3649	4.7	警告 Network	i18next	i18nextify	i18nextのi18nextifyにおける複数の脆弱性	CWE-79 CWE-94	CVE-2026-41692	2026-06-3 17:04	2026-05-7	Show	GitHub Exploit DB Packet Storm

3650	10	緊急 Network	th30d4y	OpenLearnX	th30d4yのOpenLearnXにおける複数の脆弱性	CWE-250 CWE-284 CWE-693 CWE-78 CWE-94	CVE-2026-41900	2026-06-3 17:04	2026-05-8	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 30, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
311	4.6	MEDIUM Physics	-	-	Cleartext storage and exposure of WPA2 credentials, and missing authentication on the rr/wr memory read/write commands, in the unauthenticated UART debug console of the Tenda N300 F3 (V603) allow a p… New	CWE-312 Cleartext Storage of Sensitive Information	CVE-2026-38571	2026-06-30 00:16	2026-06-27	Show	GitHub Exploit DB Packet Storm

312	7.5	HIGH Network	-	-	An issue in Technitium DNS Server v.14.3 and before allows a remote attacker to cause a denial of service via the DnsServerApp.exe, DnsServerApp.dll, TechnitiumLibrary.Net/Dns/DnsClient.cs components New	CWE-400 Uncontrolled Resource Consumption	CVE-2026-36478	2026-06-30 00:16	2026-06-27	Show	GitHub Exploit DB Packet Storm

313	8.1	HIGH Network	-	-	The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using the… New	CWE-798 Use of Hard-coded Credentials	CVE-2026-31928	2026-06-30 00:16	2026-06-27	Show	GitHub Exploit DB Packet Storm

314	7.5	HIGH Network	-	-	fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode (IDN) hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constru… New	CWE-436 Interpretation Conflict	CVE-2026-13676	2026-06-30 00:16	2026-06-29	Show	GitHub Exploit DB Packet Storm

315	-		-	-	SzafirHost verifies the downloaded native library archive with one JarFile parser (reading the Central Directory) but extracts native libraries with JarInputStream parser (reading sequentially from l… New	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-13165	2026-06-30 00:16	2026-06-29	Show	GitHub Exploit DB Packet Storm

316	-		-	-	The /v1/upload/sbom endpoint extracts the iss claim from the attacker-supplied JWT with signature verification disabled, then interpolates that string into three log statements before any validation … New	CWE-117 Improper Output Neutralization for Logs	CVE-2026-12616	2026-06-30 00:16	2026-06-29	Show	GitHub Exploit DB Packet Storm

317	-		-	-	libxml2 is vulnerable to multiple stack-based buffer overflows in the xmlcatalog utility when running in --shell mode. The usershell() function processes user input using fixed-size stack buffers wit… New	CWE-121 Stack-based Buffer Overflow	CVE-2026-11979	2026-06-30 00:16	2026-06-29	Show	GitHub Exploit DB Packet Storm

318	7.4	HIGH Network	-	-	Zephyr's BSD-sockets getaddrinfo() implementation (subsys/net/lib/sockets/getaddrinfo.c) passes a pointer to a stack-allocated state object (struct getaddrinfo_state ai_state) as the user_data of an … New	CWE-416 Use After Free	CVE-2026-10646	2026-06-30 00:16	2026-06-28	Show	GitHub Exploit DB Packet Storm

319	4.2	MEDIUM Adjacent	-	-	The Microchip SERCOM-G1 UART driver (drivers/serial/uart_mchp_sercom_g1.c), used by the PIC32CM-JH SoC family, contains an out-of-bounds write in its asynchronous (DMA) receive path. When uart_rx_ena… New	CWE-787 Out-of-bounds Write	CVE-2026-10644	2026-06-30 00:16	2026-06-28	Show	GitHub Exploit DB Packet Storm

320	8.7	HIGH Local	-	-	Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_control) buffer using only the payload length (msg-msg… New	CWE-787 Out-of-bounds Write	CVE-2026-10643	2026-06-30 00:16	2026-06-28	Show	GitHub Exploit DB Packet Storm