Vulnerability Search Top
Show Search Menu
|
You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database). |
JVN Vulnerability Information
Update Date":June 4, 2026, 4 p.m.
| No | CVSS | Level Attach Vector |
Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Impact Show |
Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 4811 | 7.2 |
重要
Network |
boidcms | boidcms | boidcmsにおけるPHP リモートファイルインクルージョンの脆弱性 |
CWE-98
PHP リモートファイルインクルージョン |
CVE-2026-39387 | 2026-04-27 11:21 | 2026-04-14 | Show | GitHub Exploit DB Packet Storm |
| 4812 | 9.9 |
緊急
Network |
openremote | openremote | openremoteにおける複数の脆弱性 |
CWE-917 CWE-94 |
CVE-2026-39842 | 2026-04-27 11:21 | 2026-04-15 | Show | GitHub Exploit DB Packet Storm |
| 4813 | 10 |
緊急
Network |
Anthropic PBC | Claude Code | Anthropic PBCのClaude Codeにおける複数の脆弱性 |
CWE-22 CWE-61 |
CVE-2026-39861 | 2026-04-27 11:21 | 2026-04-21 | Show | GitHub Exploit DB Packet Storm |
| 4814 | 8.1 |
重要
Network |
Suyog Sonwalkar | MCP Server Kubernetes | Suyog SonwalkarのMCP Server Kubernetesにおける引数の挿入または変更に関する脆弱性 |
CWE-88
引数の挿入または変更 |
CVE-2026-39884 | 2026-04-27 11:21 | 2026-04-15 | Show | GitHub Exploit DB Packet Storm |
| 4815 | 6.5 |
警告
Network |
jqlang | jq | jqlangのjqにおける境界外読み取りに関する脆弱性 |
CWE-125
境界外読み取り |
CVE-2026-39979 | 2026-04-27 11:21 | 2026-04-13 | Show | GitHub Exploit DB Packet Storm |
| 4816 | 5.5 |
警告
Local |
Linux Foundation | Sigstore Timestamp Authority | Linux FoundationのSigstore Timestamp Authorityにおける証明書検証に関する脆弱性 |
CWE-295
不正な証明書検証 |
CVE-2026-39984 | 2026-04-27 11:21 | 2026-04-15 | Show | GitHub Exploit DB Packet Storm |
| 4817 | 7.1 |
重要
Network |
lfprojects | Zarf | lfprojectsのZarfにおけるパストラバーサルの脆弱性 |
CWE-22
パス・トラバーサル |
CVE-2026-40090 | 2026-04-27 11:21 | 2026-04-15 | Show | GitHub Exploit DB Packet Storm |
| 4818 | 4.4 |
警告
Local |
Authzed, Inc. | SpiceDB | Authzed, Inc.のSpiceDBにおけるログファイルからの情報漏えいに関する脆弱性 |
CWE-532
ログファイルからの情報漏えい |
CVE-2026-40091 | 2026-04-27 11:21 | 2026-04-15 | Show | GitHub Exploit DB Packet Storm |
| 4819 | 5.4 |
警告
Network |
OpenMage | Magento | OpenMageのMagentoにおける認証の欠如に関する脆弱性 |
CWE-862
認証の欠如 |
CVE-2026-40098 | 2026-04-27 11:21 | 2026-04-20 | Show | GitHub Exploit DB Packet Storm |
| 4820 | 7.5 |
重要
Network |
free5gc | free5gc | free5GCにおける複数の脆弱性 |
CWE-285 CWE-636 |
CVE-2026-40248 | 2026-04-27 11:21 | 2026-04-16 | Show | GitHub Exploit DB Packet Storm |
NVD Vulnerability Information
Update Date:June 4, 2026, 4:17 a.m.
| No | CVSS | Level Attach Vector |
Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 411 | 7.5 |
HIGH
Network |
osgeo | mapserver | MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls _SLDApplyRuleValues(psRule, psLayer, 1); for any <Rule> carrying <ElseFil… Update |
CWE-129 CWE-476 Improper Validation of Array Index NULL Pointer Dereference |
CVE-2026-45104 | 2026-06-3 03:19 | 2026-05-28 | Show | GitHub Exploit DB Packet Storm |
| 412 | 5.5 |
MEDIUM
Local |
android | In verifySignature of ApkChecksums.java, there is a possible way to cause a crash due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed… New |
CWE-400
Uncontrolled Resource Consumption |
CVE-2026-0069 | 2026-06-3 03:06 | 2026-06-2 | Show | GitHub Exploit DB Packet Storm | |
| 413 | 6.5 |
MEDIUM
Adjacent |
qualcomm |
fastconnect_7800_firmware qca7005_firmware snapdragon_ar1_gen_1_platform_firmware wcd9380_firmware wcd9385_firmware wsa8830_firmware wsa8832_firmware wsa8835_firmware |
Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration. New |
CWE-1230
Exposure of Sensitive Information Through Metadata |
CVE-2025-59601 | 2026-06-3 03:00 | 2026-06-2 | Show | GitHub Exploit DB Packet Storm |
| 414 | 7.8 |
HIGH
Local |
qualcomm |
snapdragon_480_5g_mobile_platform_firmware snapdragon_480\+_5g_mobile_platform_firmware snapdragon_6_gen_1_mobile_platform_firmware snapdragon_6_gen_3_mobile_platform_firmware snapdragon_… |
Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer. New |
CWE-476
NULL Pointer Dereference |
CVE-2025-59604 | 2026-06-3 03:00 | 2026-06-2 | Show | GitHub Exploit DB Packet Storm |
| 415 | 7.8 |
HIGH
Local |
qualcomm |
snapdragon_g1_gen_2_gaming_platform_firmware ar8035_firmware csra6620_firmware csra6640_firmware fastconnect_6200_firmware fastconnect_6700_firmware fastconnect_6800_firmware fas… |
Memory Corruption when processing device identifier strings that exceed the expected maximum length. New |
CWE-787
Out-of-bounds Write |
CVE-2025-59605 | 2026-06-3 03:00 | 2026-06-2 | Show | GitHub Exploit DB Packet Storm |
| 416 | 7.8 |
HIGH
Local |
qualcomm |
cologne_firmware cq7790_firmware cq8725s_firmware cq8750m_firmware fastconnect_6200_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wsa8850_firmware wsa8850w_f… |
Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization. New |
CWE-476
NULL Pointer Dereference |
CVE-2025-59606 | 2026-06-3 03:00 | 2026-06-2 | Show | GitHub Exploit DB Packet Storm |
| 417 | 5.5 |
MEDIUM
Network |
qualcomm |
5g_fixed_wireless_access_platform_firmware ar8035_firmware csr8811_firmware fastconnect_6700_firmware fastconnect_6900_firmware sxr2250p_firmware wcd9340_firmware wcd9370_firmwar… |
Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length. New |
CWE-126
Buffer Over-read |
CVE-2025-59609 | 2026-06-3 03:00 | 2026-06-2 | Show | GitHub Exploit DB Packet Storm |
| 418 | 7.5 |
HIGH
Network |
ultrajson_project | ultrajson | UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.12.1, when ujson.dump() writes to a file-like object and the write operation raises an excepti… Update |
CWE-401
Missing Release of Memory after Effective Lifetime |
CVE-2026-44660 | 2026-06-3 03:00 | 2026-05-28 | Show | GitHub Exploit DB Packet Storm |
| 419 | 7.8 |
HIGH
Local |
cnighswonger | claude-code-cache-fix | claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, tools/quota-statusline.sh (introduced in v3.5.0) interpolates Claude Code's hook stdin payload directl… Update |
CWE-78 CWE-94 OS Command Code Injection |
CVE-2026-45136 | 2026-06-3 02:57 | 2026-05-28 | Show | GitHub Exploit DB Packet Storm |
| 420 | 7.8 |
HIGH
Local |
- | - | A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admi… New |
CWE-532
Inclusion of Sensitive Information in Log Files |
CVE-2026-40619 | 2026-06-3 02:35 | 2026-06-3 | Show | GitHub Exploit DB Packet Storm |