Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
6391	6.1	警告 Network	WorkflowFirst Software LLC	Staff.Wiki	WorkflowFirst Software LLCのStaff.Wikiにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-29969	2026-05-11 11:02	2026-03-26	Show	GitHub Exploit DB Packet Storm

6392	5.4	警告 Network	spomky-labs	webauthn-lib webauthn-symfony-bundle webauthn framwork	spomky-labsのwebauthn-lib等の複数製品における同一生成元ポリシー違反に関する脆弱性	CWE-346 同一生成元ポリシー違反	CVE-2026-30964	2026-05-11 11:02	2026-03-10	Show	GitHub Exploit DB Packet Storm

6393	6.5	警告 Network	appium	Appium/support	appiumのAppium/supportにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-30973	2026-05-11 11:02	2026-03-10	Show	GitHub Exploit DB Packet Storm

6394	8.8	重要 Network	マイクロソフト	Microsoft Windows Server 2025 Microsoft Windows Server 2022 Microsoft Windows 11 24h2 Microsoft Windows 11 25h2 Microsoft …	リモートデスクトップクライアントのリモートでコードが実行される脆弱性	CWE-416 解放済みメモリの使用	CVE-2026-32157	2026-05-11 11:02	2026-04-14	Show	GitHub Exploit DB Packet Storm

6395	10	緊急 Network	Luis Novo (lfnovo)	Open Notebook	Luis Novo (lfnovo)のOpen Notebookにおける入力確認に関する脆弱性	CWE-20 CWE-noinfo	CVE-2026-33587	2026-05-11 11:02	2026-05-7	Show	GitHub Exploit DB Packet Storm

6396	8.1	重要 Network	Luis Novo (lfnovo)	Open Notebook	Luis Novo (lfnovo)のOpen Notebookにおける入力確認に関する脆弱性	CWE-20 CWE-noinfo	CVE-2026-33588	2026-05-11 11:02	2026-05-7	Show	GitHub Exploit DB Packet Storm

6397	6.5	警告 Network	Luis Novo (lfnovo)	Open Notebook	Luis Novo (lfnovo)のOpen Notebookにおける入力確認に関する脆弱性	CWE-20 CWE-noinfo	CVE-2026-33589	2026-05-11 11:02	2026-05-7	Show	GitHub Exploit DB Packet Storm

6398	9.8	緊急 Network	bukts.ru LLC (Nefteprodukttekhnika)	BUK TS-G Gas Station Automation System	bukts.ru LLC (Nefteprodukttekhnika)のBUK TS-G Gas Station Automation SystemにおけるSQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2026-3843	2026-05-11 11:02	2026-03-10	Show	GitHub Exploit DB Packet Storm

6399	6.1	警告 Network	spin.js	spin.js	spin.jsにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-3884	2026-05-11 11:02	2026-03-11	Show	GitHub Exploit DB Packet Storm

6400	8.3	重要 Network	HCL Technologies Limited	HCL BigFix Service Management (SM)	HCL Technologies LimitedのHCL BigFix Service Management (SM)におけるログファイルからの情報漏えいに関する脆弱性	CWE-532 ログファイルからの情報漏えい	CVE-2024-30151	2026-05-11 11:02	2026-05-6	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1301	3.7	LOW Network	-	-	An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The pr…	CWE-116 Improper Encoding or Escaping of Output	CVE-2026-40011	2026-06-26 01:00	2026-06-25	Show	GitHub Exploit DB Packet Storm

1302	3.7	LOW Network	-	-	An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.	CWE-705 Incorrect Control Flow Scoping	CVE-2026-40208	2026-06-26 00:59	2026-06-25	Show	GitHub Exploit DB Packet Storm

1303	5.3	MEDIUM Network	-	-	An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a…	CWE-772 Missing Release of Resource after Effective Lifetime	CVE-2026-40209	2026-06-26 00:59	2026-06-25	Show	GitHub Exploit DB Packet Storm

1304	4.8	MEDIUM Network	-	-	An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.	CWE-126 Buffer Over-read	CVE-2026-40210	2026-06-26 00:59	2026-06-25	Show	GitHub Exploit DB Packet Storm

1305	5.3	MEDIUM Network	-	-	An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-40211	2026-06-26 00:59	2026-06-25	Show	GitHub Exploit DB Packet Storm

1306	3.7	LOW Network	-	-	An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend …	CWE-115 Misinterpretation of Input	CVE-2026-42004	2026-06-26 00:59	2026-06-25	Show	GitHub Exploit DB Packet Storm

1307	5.3	MEDIUM Network	-	-	An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation.	CWE-20 Improper Input Validation	CVE-2026-42390	2026-06-26 00:59	2026-06-25	Show	GitHub Exploit DB Packet Storm

1308	5.9	MEDIUM Network	-	-	Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail.	CWE-290 Authentication Bypass by Spoofing	CVE-2026-52690	2026-06-26 00:59	2026-06-25	Show	GitHub Exploit DB Packet Storm

1309	4.7	MEDIUM Network	google	chrome	Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.…	CWE-346 Origin Validation Error	CVE-2026-13034	2026-06-26 00:23	2026-06-25	Show	GitHub Exploit DB Packet Storm

1310	6.5	MEDIUM Network	-	-	Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.	CWE-862 Missing Authorization	CVE-2026-57619	2026-06-26 00:16	2026-06-25	Show	GitHub Exploit DB Packet Storm