Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 12, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
5191 5.3 警告
Network 		Timo Sirainen
Open-Xchange		 Dovecot Pro
Dovecot 		Timo Sirainen等の複数ベンダの製品におけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2026-0394 2026-05-1 10:39 2026-03-27 Show GitHub Exploit DB Packet Storm
5192 8.2 重要
Network 		Timo Sirainen
Open-Xchange		 Dovecot Pro
Dovecot 		Timo Sirainen等の複数ベンダの製品におけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2026-24031 2026-05-1 10:39 2026-03-27 Show GitHub Exploit DB Packet Storm
5193 5.9 警告
Network 		Timo Sirainen
Open-Xchange		 Dovecot Pro
Dovecot 		Timo Sirainen等の複数ベンダの製品におけるCapture-replay による認証回避に関する脆弱性 CWE-294
Capture-replayによる認証回避 		CVE-2026-27855 2026-05-1 10:39 2026-03-27 Show GitHub Exploit DB Packet Storm
5194 5.9 警告
Network 		Timo Sirainen
Open-Xchange		 Dovecot Pro
Dovecot 		Timo Sirainen等の複数ベンダの製品における認証に関する脆弱性 CWE-287
CWE-Other
CVE-2026-27856 2026-05-1 10:39 2026-03-27 Show GitHub Exploit DB Packet Storm
5195 5.3 警告
Network 		Timo Sirainen
Open-Xchange		 Dovecot Pro
Dovecot 		Timo Sirainen等の複数ベンダの製品におけるLDAP インジェクションの脆弱性 CWE-90
LDAP インジェクション 		CVE-2026-27860 2026-05-1 10:39 2026-03-27 Show GitHub Exploit DB Packet Storm
5196 8.4 重要
Local 		Anthropic PBC Claude Code
Claude Agent SDK 		Anthropic PBCのClaude Agent SDK等の複数製品におけるOS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2026-35020 2026-05-1 10:39 2026-04-6 Show GitHub Exploit DB Packet Storm
5197 7.8 重要
Local 		Anthropic PBC Claude Code
Claude Agent SDK 		Anthropic PBCのClaude Agent SDK等の複数製品におけるOS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2026-35021 2026-05-1 10:39 2026-04-6 Show GitHub Exploit DB Packet Storm
5198 9.8 緊急
Network 		Anthropic PBC Claude Code
Claude Agent SDK 		Anthropic PBCのClaude Agent SDK等の複数製品におけるOS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2026-35022 2026-05-1 10:39 2026-04-6 Show GitHub Exploit DB Packet Storm
5199 7.8 重要
Local 		MAGIX MAGIX MP3 deluxe MAGIXのMAGIX MP3 deluxeにおける境界外書き込みに関する脆弱性 CWE-787
境界外書き込み 		CVE-2018-25260 2026-05-1 10:39 2026-04-22 Show GitHub Exploit DB Packet Storm
5200 7.8 重要
Local 		Enter Srl Iperius Backup Enter SrlのIperius Backupにおける境界外書き込みに関する脆弱性 CWE-787
境界外書き込み 		CVE-2018-25261 2026-05-1 10:39 2026-04-22 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 12, 2026, 4:20 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1341 6.5 MEDIUM
Network 		- - A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denia… CWE-400
 Uncontrolled Resource Consumption 		CVE-2026-11611 2026-06-9 11:08 2026-06-9 Show GitHub Exploit DB Packet Storm
1342 - - - Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and ca… CWE-617
 Reachable Assertion 		CVE-2026-35058 2026-06-9 11:08 2026-06-9 Show GitHub Exploit DB Packet Storm
1343 - - - A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS… CWE-125
CWE-416
Out-of-bounds Read
 Use After Free 		CVE-2026-40215 2026-06-9 11:08 2026-06-9 Show GitHub Exploit DB Packet Storm
1344 4.2 MEDIUM
Network 		- - SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credent… CWE-35
 Path Traversal: '.../...//' 		CVE-2026-24315 2026-06-9 11:08 2026-06-9 Show GitHub Exploit DB Packet Storm
1345 9.8 CRITICAL
Network 		- - Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that explo… CWE-121
Stack-based Buffer Overflow 		CVE-2026-27671 2026-06-9 11:08 2026-06-9 Show GitHub Exploit DB Packet Storm
1346 9.0 CRITICAL
Network 		- - SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal an… CWE-35
 Path Traversal: '.../...//' 		CVE-2026-40128 2026-06-9 11:08 2026-06-9 Show GitHub Exploit DB Packet Storm
1347 3.7 LOW
Network 		- - Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the… CWE-497
 Exposure of Sensitive System Information to an Unauthorized Control Sphere 		CVE-2026-44743 2026-06-9 11:08 2026-06-9 Show GitHub Exploit DB Packet Storm
1348 6.5 MEDIUM
Network 		- - SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized dat… CWE-89
SQL Injection 		CVE-2026-44744 2026-06-9 11:08 2026-06-9 Show GitHub Exploit DB Packet Storm
1349 6.1 MEDIUM
Network 		- - Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA (JDBC Test Servlet), an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks… CWE-79
Cross-site Scripting 		CVE-2026-44746 2026-06-9 11:08 2026-06-9 Show GitHub Exploit DB Packet Storm
1350 9.9 CRITICAL
Network 		- - SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier… CWE-347
 Improper Verification of Cryptographic Signature 		CVE-2026-44748 2026-06-9 11:08 2026-06-9 Show GitHub Exploit DB Packet Storm