Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 28, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
3651 7.5 重要
Network 		Fleet Device Management fleet Fleet Device Managementのfleetにおけるスプーフィングによる認証回避に関する脆弱性 CWE-290
スプーフィングによる認証回避 		CVE-2026-24899 2026-05-28 14:43 2026-05-14 Show GitHub Exploit DB Packet Storm
3652 9.6 緊急
Network 		lfprojects mlflow lfprojectsのmlflowにおける同一生成元ポリシー違反に関する脆弱性 CWE-346
同一生成元ポリシー違反 		CVE-2026-2611 2026-05-28 14:43 2026-05-19 Show GitHub Exploit DB Packet Storm
3653 5.4 警告
Network 		Mattermost, Inc. Mattermost Server Mattermost, Inc.のMattermost Serverにおける不正な認証に関する脆弱性 CWE-863
不正な認証 		CVE-2026-28735 2026-05-28 14:43 2026-05-22 Show GitHub Exploit DB Packet Storm
3654 6.5 警告
Network 		OpenPLC Project OpenPLC_v3 ファームウェア OpenPLC ProjectのOpenPLC_v3 ファームウェアにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2026-31156 2026-05-28 14:42 2026-05-13 Show GitHub Exploit DB Packet Storm
3655 5.5 警告
Local 		Linux Linux Kernel LinuxのLinux Kernelにおける有効期限後のメモリの解放の欠如に関する脆弱性 CWE-401
有効期限後のメモリの解放の欠如 		CVE-2026-31390 2026-05-28 14:42 2026-04-3 Show GitHub Exploit DB Packet Storm
3656 5.5 警告
Local 		Linux Linux Kernel LinuxのLinux Kernelにおける不特定の脆弱性 CWE-Other
その他 		CVE-2026-31391 2026-05-28 14:42 2026-04-3 Show GitHub Exploit DB Packet Storm
3657 8.1 重要
Local 		Linux Linux Kernel LinuxのLinux Kernelにおける不特定の脆弱性 CWE-noinfo
情報不足 		CVE-2026-31392 2026-05-28 14:42 2026-04-3 Show GitHub Exploit DB Packet Storm
3658 8.1 重要
Adjacent 		Linux Linux Kernel LinuxのLinux Kernelにおける境界外読み取りに関する脆弱性 CWE-125
境界外読み取り 		CVE-2026-31393 2026-05-28 14:42 2026-04-3 Show GitHub Exploit DB Packet Storm
3659 8.8 重要
Network 		Linux Linux Kernel LinuxのLinux Kernelにおける境界外読み取りに関する脆弱性 CWE-125
境界外読み取り 		CVE-2026-31433 2026-05-28 14:42 2026-04-22 Show GitHub Exploit DB Packet Storm
3660 9.8 緊急
Network 		lizardbyte sunshine lizardbyteのsunshineにおける複数の脆弱性 CWE-287
CWE-295
CVE-2026-32253 2026-05-28 14:42 2026-05-22 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
221 6.5 MEDIUM
Adjacent 		dhcpcd_project dhcpcd dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW repl… New CWE-416
 Use After Free 		CVE-2026-56113 2026-06-28 09:33 2026-06-24 Show GitHub Exploit DB Packet Storm
222 8.8 HIGH
Network 		dhcpcd_project dhcpcd Bootimus through 0.1.70 contains a broken access control vulnerability that allows authenticated low-privileged users to perform administrative actions by exploiting missing role enforcement in the J… New CWE-862
 Missing Authorization 		CVE-2026-56115 2026-06-28 09:28 2026-06-24 Show GitHub Exploit DB Packet Storm
223 6.5 MEDIUM
Adjacent 		dhcpcd_project dhcpcd dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an unauthenticated same-link attacker to c… New CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2026-56116 2026-06-28 09:27 2026-06-24 Show GitHub Exploit DB Packet Storm
224 5.5 MEDIUM
Local 		dhcpcd_project dhcpcd dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger me… New CWE-416
 Use After Free 		CVE-2026-56117 2026-06-28 09:26 2026-06-24 Show GitHub Exploit DB Packet Storm
225 4.8 MEDIUM
Network 		fortra file_integrity_monitoring Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnerability in the Asset View UI component. An authentica… New CWE-79
Cross-site Scripting 		CVE-2026-12163 2026-06-28 09:21 2026-06-24 Show GitHub Exploit DB Packet Storm
226 7.3 HIGH
Local 		presire qsnapper A path traversal attack when using a "configName" parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or pot… New CWE-23
 Relative Path Traversal 		CVE-2026-41046 2026-06-28 09:17 2026-06-23 Show GitHub Exploit DB Packet Storm
227 8.1 HIGH
Network 		- - The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfm_d… New CWE-73
 External Control of File Name or Path 		CVE-2026-8095 2026-06-28 09:16 2026-06-28 Show GitHub Exploit DB Packet Storm
228 8.7 HIGH
Local 		- - Zephyr's IP socket recvmsg() implementation (subsys/net/lib/sockets/sockets_inet.c, insert_pktinfo()) validated the user-supplied ancillary (msg_control) buffer using only the payload length (msg-msg… New CWE-787
 Out-of-bounds Write 		CVE-2026-10643 2026-06-28 09:16 2026-06-28 Show GitHub Exploit DB Packet Storm
229 7.0 HIGH
Local 		presire qsnapper A time-to-check-time-of-use in polkit authentication of qSnapper before version 1.3.3 allowed a local attacker to bypass qSnappers authentication mechanism and operate e.g. as root user. New CWE-367
 Time-of-check Time-of-use (TOCTOU) Race Condition 		CVE-2026-41045 2026-06-28 09:10 2026-06-23 Show GitHub Exploit DB Packet Storm
230 5.5 MEDIUM
Local 		presire qsnapper Lack of authentication when using the "snapshot diff" functions in qSnapper before version 1.3.3 allowed a local attacker to see otherwise read protected information. New CWE-306
CWE-863
Missing Authentication for Critical Function
 Incorrect Authorization 		CVE-2026-41047 2026-06-28 09:08 2026-06-23 Show GitHub Exploit DB Packet Storm