Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 24, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
6341	7.2	重要 Network	Progress Software Corporation	ECS Connection Manager loadmaster Connection Manager for ObjectScale	Progress Software CorporationのConnection Manager for ObjectScale等の複数製品におけるコマンドインジェクションの脆弱性	CWE-77 コマンドインジェクション	CVE-2026-3519	2026-05-7 12:06	2026-04-20	Show	GitHub Exploit DB Packet Storm

6342	8.1	重要 Network	FreeBSD	FreeBSD	FreeBSDにおける複数の脆弱性	CWE-122 CWE-130	CVE-2026-35547	2026-05-7 12:06	2026-04-30	Show	GitHub Exploit DB Packet Storm

6343	7.5	重要 Network	libsndfile project	libsndfile	libsndfile projectのlibsndfileにおける整数オーバーフローの脆弱性	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2026-37555	2026-05-7 12:06	2026-04-29	Show	GitHub Exploit DB Packet Storm

6344	6.5	警告 Network	Grokability, Inc.	Snipe-IT	Grokability, Inc.のSnipe-ITにおける認可に関する脆弱性	CWE-285 不適切な認可	CVE-2026-38533	2026-05-7 12:05	2026-04-14	Show	GitHub Exploit DB Packet Storm

6345	7.5	重要 Network	Apache Software Foundation	ActiveMQ Broker Apache ActiveMQ	Apache Software FoundationのApache ActiveMQ等の複数製品におけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2026-39304	2026-05-7 12:05	2026-04-10	Show	GitHub Exploit DB Packet Storm

6346	6.5	警告 Network	OpenBao	OpenBao	OpenBaoにおける複数の脆弱性	CWE-400 CWE-674 CWE-770	CVE-2026-39396	2026-05-7 12:05	2026-04-21	Show	GitHub Exploit DB Packet Storm

6347	7.8	重要 Local	FreeBSD	FreeBSD	FreeBSDにおけるスタックベースのバッファオーバーフローの脆弱性	CWE-121 スタックオーバーフロー	CVE-2026-39457	2026-05-7 12:05	2026-04-30	Show	GitHub Exploit DB Packet Storm

6348	10	緊急 Network	traefik	traefik	traefikにおける複数の脆弱性	CWE-290 CWE-306	CVE-2026-39858	2026-05-7 12:05	2026-04-30	Show	GitHub Exploit DB Packet Storm

6349	7.2	重要 Network	Progress Software Corporation	ECS Connection Manager loadmaster Connection Manager for ObjectScale	Progress Software CorporationのConnection Manager for ObjectScale等の複数製品におけるコマンドインジェクションの脆弱性	CWE-77 コマンドインジェクション	CVE-2026-4048	2026-05-7 12:05	2026-04-20	Show	GitHub Exploit DB Packet Storm

6350	7.8	重要 Local	radare	radare2	radareのradare2におけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2026-40499	2026-05-7 12:05	2026-04-15	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 24, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1391	6.1	MEDIUM Network	vmware	spring_framework	A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view name is not explicitly specified allows an attacker to craft a link resulting in a 302 redirect to an ar…	CWE-601 Open Redirect	CVE-2026-41844	2026-06-12 01:19	2026-06-9	Show	GitHub Exploit DB Packet Storm

1392	6.5	MEDIUM Network	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.	CWE-476 NULL Pointer Dereference	CVE-2026-42903	2026-06-12 01:17	2026-06-10	Show	GitHub Exploit DB Packet Storm

1393	-		-	-	openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details fro…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-8406	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

1394	8.6	HIGH Network	-	-	Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validati…	CWE-918 CWE-1286 CWE-1389 Server-Side Request Forgery (SSRF) Improper Validation of Syntactic Correctness of Input	CVE-2026-50131	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

1395	3.7	LOW Network	-	-	Shopware is an open commerce platform. Prior to versions 6.6.10.18 and 6.7.10.1, an attacker is able to enumerate the usernames of administrator users by performing a timing attack. Versions 6.6.10.1…	CWE-208 Information Exposure Through Timing Discrepancy	CVE-2026-48011	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

1396	5.3	MEDIUM Network	-	-	Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, the russh server authentication path keeps internal userauth state across SSH_MSG_USERAUTH_REQUEST me…	CWE-287 Improper Authentication	CVE-2026-46705	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

1397	7.5	HIGH Network	-	-	libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 15.0.23, three cooperating omissions in @libp2p/gossipsub allow an unauthenticated single peer to exhaust the Node.j…	CWE-20 CWE-400 CWE-401 Improper Input Validation Uncontrolled Resource Consumption Missing Release of Memory after Effective Lifetime	CVE-2026-46679	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

1398	7.5	HIGH Network	-	-	Russh is a Rust SSH client & server library. Prior to version 0.60.3, CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation/locking paths. In current russh rele…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-46673	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

1399	3.6	LOW Local	-	-	bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink() allo…	CWE-22 CWE-193 Path Traversal Off-by-one Error	CVE-2026-45380	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm

1400	9.8	CRITICAL Network	-	-	SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) …	CWE-89 SQL Injection	CVE-2026-38581	2026-06-12 01:16	2026-06-11	Show	GitHub Exploit DB Packet Storm