Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 13, 2026, noon

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
441	7.5	重要 Network	Apache Software Foundation Debian F5 Networks	Apache HTTP Server nginx Debian GNU/Linux	Apache Software Foundation等の複数ベンダの製品における過剰なサイズ値のメモリ割り当てに関する脆弱性 New	CWE-789 過剰なサイズ値のメモリ割り当て	CVE-2026-49975	2026-06-11 16:15	2026-06-8	Show	GitHub Exploit DB Packet Storm

442	6.8	警告 Physics	マイクロソフト	Microsoft Windows 11 25h2 Microsoft Windows Server 2012 Microsoft Windows 11 24h2 Microsoft Windows 10 21h2 Microsoft Wind…	Windows BitLocker セキュリティ機能バイパスの脆弱性 New	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-50507	2026-06-11 16:15	2026-06-9	Show	GitHub Exploit DB Packet Storm

443	9.1	緊急 Network	BINARY	DataDog::DogStatsd	BINARYのDataDog::DogStatsdにおける複数の脆弱性 New	CWE-150 CWE-93	CVE-2026-46719 CVE-2026-46720 CVE-2026-46741 CVE-2026-9270	2026-06-11 16:15	2026-06-5	Show	GitHub Exploit DB Packet Storm

444	9.8	緊急 Network	BINARY	DataDog::DogStatsd	BINARYのDataDog::DogStatsdにおける複数の脆弱性 New	CWE-150 CWE-93	CVE-2026-11362 CVE-2026-46719 CVE-2026-46720 CVE-2026-46741	2026-06-11 16:15	2026-06-5	Show	GitHub Exploit DB Packet Storm

445	7.8	重要 Local	Synology Inc.	Active Backup for Business Recovery Media Creator	Synology Inc.のActive Backup for Business Recovery Media Creatorにおける信頼できない制御領域からの機能の組み込みに関する脆弱性 New	CWE-829 信頼性のない制御領域からの機能の組み込み	CVE-2022-49036	2026-06-11 16:14	2026-06-3	Show	GitHub Exploit DB Packet Storm

446	5.5	警告 Local	cilium	eBPF	ciliumのeBPFにおける複数の脆弱性 New	CWE-189 CWE-190	CVE-2026-10722	2026-06-11 16:14	2026-06-3	Show	GitHub Exploit DB Packet Storm

447	7.5	重要 Network	CRUX	Protocol::HTTP2	CRUXのProtocol::HTTP2における高圧縮データの処理 (データ増幅)に関する脆弱性 New	CWE-409 高圧縮データの不適切な処理 (データ増幅)	CVE-2026-10725	2026-06-11 16:14	2026-06-6	Show	GitHub Exploit DB Packet Storm

448	6.1	警告 Network	HCL Technologies Limited	Digital Experience Compose digital experience	HCL Technologies Limitedのdigital experience等の複数製品におけるクロスサイトスクリプティングの脆弱性 New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-21825	2026-06-11 16:14	2026-06-5	Show	GitHub Exploit DB Packet Storm

449	6.1	警告 Network	HCL Technologies Limited	Digital Experience Compose digital experience	HCL Technologies Limitedのdigital experience等の複数製品におけるオープンリダイレクトの脆弱性 New	CWE-601 オープンリダイレクト	CVE-2026-21826	2026-06-11 16:14	2026-06-5	Show	GitHub Exploit DB Packet Storm

450	8.8	重要 Network	HCL Technologies Limited	Digital Experience Compose digital experience	HCL Technologies Limitedのdigital experience等の複数製品におけるOS コマンドインジェクションの脆弱性 New	CWE-78 OSコマンド・インジェクション	CVE-2026-21837	2026-06-11 16:14	2026-06-5	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 13, 2026, 4:20 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
531	7.5	HIGH Network	-	-	IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing authentication using insecure direct object references. New	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-7787	2026-06-12 01:16	2026-06-12	Show	GitHub Exploit DB Packet Storm

532	8.8	HIGH Network	-	-	Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz allows a low-privileged authenticated user with Content/DataResource editing privileges to perform template inj… New	CWE-94 Code Injection	CVE-2026-50223	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

533	8.6	HIGH Network	-	-	Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validati… New	CWE-918 CWE-1286 CWE-1389 Server-Side Request Forgery (SSRF) Improper Validation of Syntactic Correctness of Input	CVE-2026-50131	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

534	6.5	MEDIUM Network	-	-	IBM DevOps Plan 3.0.0 through 3.0.6 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against… New	CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax	CVE-2026-4096	2026-06-12 01:16	2026-06-12	Show	GitHub Exploit DB Packet Storm

535	3.7	LOW Network	-	-	Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.1… New	CWE-208 Information Exposure Through Timing Discrepancy	CVE-2026-48011	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

536	5.3	MEDIUM Network	-	-	Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST me… New	CWE-287 Improper Authentication	CVE-2026-46705	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

537	7.5	HIGH Network	-	-	libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.j… New	CWE-20 CWE-400 CWE-401 Improper Input Validation Uncontrolled Resource Consumption Missing Release of Memory after Effective Lifetime	CVE-2026-46679	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

538	7.5	HIGH Network	-	-	Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh rele… New	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-46673	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

539	-		-	-	OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try_honest_pairing_check function invokes Theor… New	CWE-20 Improper Input Validation	CVE-2026-46669	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

540	3.6	LOW Local	-	-	bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allo… New	CWE-22 CWE-193 Path Traversal Off-by-one Error	CVE-2026-45380	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm