Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 20, 2026, noon

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
4181	4.9	警告 Network	aiven	Aiven Operator	aivenのAiven Operatorにおける複数の脆弱性	CWE-269 CWE-441	CVE-2026-39961	2026-05-15 10:54	2026-04-9	Show	GitHub Exploit DB Packet Storm

4182	8.8	重要 Network	AGiXT	AGiXT	AGiXTにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-39981	2026-05-15 10:54	2026-04-9	Show	GitHub Exploit DB Packet Storm

4183	7.5	重要 Network	Succinct	SP1	SuccinctのSP1における複数の脆弱性	CWE-345 CWE-354	CVE-2026-40323	2026-05-15 10:54	2026-04-18	Show	GitHub Exploit DB Packet Storm

4184	8.8	重要 Network	Electric	Sync-service	ElectricのSync-serviceにおけるSQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2026-40906	2026-05-15 10:54	2026-04-21	Show	GitHub Exploit DB Packet Storm

4185	6.5	警告 Network	Apache Software Foundation	Apache-airflow-providers-elasticsearch	Apache Software FoundationのApache-airflow-providers-elasticsearchにおけるログファイルからの情報漏えいに関する脆弱性	CWE-532 ログファイルからの情報漏えい	CVE-2026-41018	2026-05-15 10:54	2026-05-11	Show	GitHub Exploit DB Packet Storm

4186	6.5	警告 Network	BETTER-AUTH.	Better Auth OAuth Provider	BETTER-AUTH.のBetter Auth OAuth Providerにおける不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2026-41427	2026-05-15 10:54	2026-04-24	Show	GitHub Exploit DB Packet Storm

4187	8.6	重要 Network	Inngest	Inngest	Inngestにおける複数の脆弱性	CWE-200 CWE-497	CVE-2026-42047	2026-05-15 10:54	2026-05-7	Show	GitHub Exploit DB Packet Storm

4188	8.5	重要 Network	Open edX	Open edx Enterprise Service	Open edXのOpen edx Enterprise Serviceにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-42860	2026-05-15 10:54	2026-05-11	Show	GitHub Exploit DB Packet Storm

4189	6.5	警告 Network	Apache Software Foundation	Apache-airflow-providers-opensearch	Apache Software FoundationのApache-airflow-providers-opensearchにおけるログファイルからの情報漏えいに関する脆弱性	CWE-532 ログファイルからの情報漏えい	CVE-2026-43826	2026-05-15 10:54	2026-05-11	Show	GitHub Exploit DB Packet Storm

4190	6.8	警告 Network	Bpple (bx33661)	Wireshark MCP	Bpple (bx33661)のWireshark MCPにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-43901	2026-05-15 10:54	2026-05-11	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 20, 2026, 4:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
3311	6.4	MEDIUM Adjacent	-	-	Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 10 attempts).	CWE-307 CWE-1188 mproper Restriction of Excessive Authentication Attempts Insecure Default Initialization of Resource	CVE-2026-36612	2026-06-5 00:41	2026-06-4	Show	GitHub Exploit DB Packet Storm

3312	4.3	MEDIUM Adjacent	-	-	Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized internal buffer contents when receiving HTTP POST requests to undefined paths, exposing server state to una…	CWE-125 Out-of-bounds Read	CVE-2026-36613	2026-06-5 00:41	2026-06-4	Show	GitHub Exploit DB Packet Storm

3313	4.3	MEDIUM Adjacent	-	-	Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 exposes an undocumented /agileconfigreset endpoint that returns internal buffer contents to unauthenticated attackers on the adjacent network.	CWE-200 Information Exposure	CVE-2026-36615	2026-06-5 00:41	2026-06-4	Show	GitHub Exploit DB Packet Storm

3314	5.9	MEDIUM Adjacent	-	-	Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware…	CWE-798 CWE-1188 Use of Hard-coded Credentials Insecure Default Initialization of Resource	CVE-2026-36616	2026-06-5 00:41	2026-06-4	Show	GitHub Exploit DB Packet Storm

3315	4.3	MEDIUM Adjacent	-	-	Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 responds to version.bind CHAOS TXT queries, disclosing the DNS resolver software version (unbound 1.22.0), aiding targeted attacks against kno…	CWE-200 Information Exposure	CVE-2026-36618	2026-06-5 00:41	2026-06-4	Show	GitHub Exploit DB Packet Storm

3316	-		-	-	FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 leak the exact system version through asset cache buster parameters in HTML output, bypassing the `hid…	CWE-200 Information Exposure	CVE-2026-40495	2026-06-5 00:41	2026-06-4	Show	GitHub Exploit DB Packet Storm

3317	-		-	-	FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the Redirect module does not validate the URL scheme of administrator-configured destination URLs befo…	CWE-601 Open Redirect	CVE-2026-43924	2026-06-5 00:41	2026-06-4	Show	GitHub Exploit DB Packet Storm

3318	-		-	-	FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, the password reset confirmation endpoint `/client/reset-password-confirm/:hash` is handled by a non-AP…	CWE-204 CWE-307 Response Discrepancy Information Exposure mproper Restriction of Excessive Authentication Attempts	CVE-2026-43926	2026-06-5 00:41	2026-06-4	Show	GitHub Exploit DB Packet Storm

3319	7.4	HIGH Local	-	-	A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file.	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2025-64390	2026-06-5 00:35	2026-06-3	Show	GitHub Exploit DB Packet Storm

3320	-		-	-	Out of bounds write and reads in openSeaChest’s --showSCSIDefects in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing defect information out of bounds for very large defe…	CWE-787 Out-of-bounds Write	CVE-2026-10717	2026-06-5 00:35	2026-06-3	Show	GitHub Exploit DB Packet Storm