Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 28, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
6391	6.6	警告 Local	オラクル	Oracle Cloud Native Environment (Oracle CNE) Command Line Interface (CLI)	オラクルのOracle Cloud Native Environment (Oracle CNE) Command Line Interface (CLI)におけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2026-35255	2026-05-8 12:10	2026-05-6	Show	GitHub Exploit DB Packet Storm

6392	5.5	警告 Local	ikea	DIRIGERA Firmware	ikeaのDIRIGERA Firmwareにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-3588	2026-05-8 12:10	2026-03-9	Show	GitHub Exploit DB Packet Storm

6393	10	緊急 Network	Unisys	WebPerfect Image Suite	UnisysのWebPerfect Image Suiteにおけるフィルタリングの回避に関する脆弱性	CWE-441 フィルタリング回避	CVE-2026-39906	2026-05-8 12:10	2026-04-14	Show	GitHub Exploit DB Packet Storm

6394	10	緊急 Network	Unisys	WebPerfect Image Suite	UnisysのWebPerfect Image Suiteにおけるファイル名やパス名の外部制御に関する脆弱性	CWE-73 ファイル名やパス名の外部制御	CVE-2026-39907	2026-05-8 12:10	2026-04-14	Show	GitHub Exploit DB Packet Storm

6395	7.5	重要 Network	ZTE	ZXESM iEMS	ZTEのZXESM iEMSにおける不特定の脆弱性	CWE-noinfo 情報不足	CVE-2026-40436	2026-05-8 12:10	2026-04-13	Show	GitHub Exploit DB Packet Storm

6396	7.5	重要 Network	MIYAGAWA (Tatsuhiko Miyagawa)	Starman	MIYAGAWA (Tatsuhiko Miyagawa)のStarmanにおけるHTTP リクエストスマグリングに関する脆弱性	CWE-444 HTTP リクエストスマグリング	CVE-2026-40560	2026-05-8 12:10	2026-04-29	Show	GitHub Exploit DB Packet Storm

6397	5.3	警告 Network	Kazuho Oku (kazuho)	Starlet	Kazuho Oku (kazuho)のStarletにおけるHTTP リクエストスマグリングに関する脆弱性	CWE-444 HTTP リクエストスマグリング	CVE-2026-40561	2026-05-8 12:10	2026-05-3	Show	GitHub Exploit DB Packet Storm

6398	7.5	重要 Network	NERDVANA (Michael Conrad)	Crypt-SecretBuffer	NERDVANA (Michael Conrad)のCrypt-SecretBufferにおけるタイミングの違いに起因する情報漏えいに関する脆弱性	CWE-208 タイミングの違いに起因する情報漏えい	CVE-2026-5086	2026-05-8 12:10	2026-04-13	Show	GitHub Exploit DB Packet Storm

6399	7.5	重要 Network	JDEGUEST (Jacques Deguest)	Apache::API::Password	JDEGUEST (Jacques Deguest)のApache::API::Passwordにおける暗号の脆弱な PRNG の使用に関する脆弱性	CWE-338 暗号における脆弱な PRNG の使用	CVE-2026-5088	2026-05-8 12:09	2026-04-15	Show	GitHub Exploit DB Packet Storm

6400	8.8	重要 Network	Cerberus, LLC	Cerberus FTP Server	CerberusのCerberus FTP Serverにおける安全に保持されない継承されたパーミッションに関する脆弱性	CWE-278 安全に保持されない継承されたパーミッション	CVE-2026-6265	2026-05-8 12:09	2026-04-27	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 28, 2026, 4:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1451	9.0	CRITICAL Network	-	-	In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, l…	CWE-287 CWE-330 CWE-340 Improper Authentication Use of Insufficiently Random Values Generation of Predictable Numbers or Identifiers	CVE-2026-11374	2026-06-25 02:16	2026-06-23	Show	GitHub Exploit DB Packet Storm

1452	5.9	MEDIUM Network	-	-	IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to denial of service in the WebSphere WebServer Plug-in component when an attacker can pass crafted reques…	CWE-476 NULL Pointer Dereference	CVE-2026-10852	2026-06-25 02:16	2026-06-23	Show	GitHub Exploit DB Packet Storm

1453	5.4	MEDIUM Network	-	-	The Tempo and Loki datasource plugins construct backend HTTP requests by interpolating user-supplied input into URL paths without sanitization, enabling path traversal. A Viewer-role user can: (1) ca…	CWE-22 Path Traversal	CVE-2026-10601	2026-06-25 02:16	2026-06-22	Show	GitHub Exploit DB Packet Storm

1454	5.4	MEDIUM Network	eclipse	open_vsx	Open VSX Registry does not sanitize SVG files uploaded as extension icons prior to storage, and serves them with Content-Type: image/svg+xml without security headers such as Content-Security-Policy o…	CWE-79 Cross-site Scripting	CVE-2026-4983	2026-06-25 01:55	2026-06-23	Show	GitHub Exploit DB Packet Storm

1455	5.3	MEDIUM Network	vllm	vllm	vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, the fix for CVE-2026-22778, which introduced a sanitize_message helper that strips object-repr memory add…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-54236	2026-06-25 01:53	2026-06-23	Show	GitHub Exploit DB Packet Storm

1456	6.5	MEDIUM Network	vllm	vllm	vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, ll temperature validation gates use comparison operators (<, >), which silently evaluate to False for NaN…	CWE-1287 Improper Validation of Specified Type of Input	CVE-2026-54235	2026-06-25 01:53	2026-06-23	Show	GitHub Exploit DB Packet Storm

1457	6.5	MEDIUM Network	vllm	vllm	vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.23.1rc0, vLLM's /v1/audio/transcriptions endpoint limits compressed upload size but not decoded PCM output. A 25MB…	CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)	CVE-2026-54233	2026-06-25 01:52	2026-06-23	Show	GitHub Exploit DB Packet Storm

1458	8.8	HIGH Network	vllm	vllm	vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package.…	CWE-427 Uncontrolled Search Path Element	CVE-2026-54232	2026-06-25 01:51	2026-06-23	Show	GitHub Exploit DB Packet Storm

1459	7.5	HIGH Network	vllm	vllm	vLLM is an inference and serving engine for large language models (LLMs). From 0.5.5 until 0.23.1rc0, integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels (csrc/quantization/gguf…	CWE-200 CWE-681 Information Exposure Incorrect Conversion between Numeric Types	CVE-2026-53923	2026-06-25 01:51	2026-06-23	Show	GitHub Exploit DB Packet Storm

1460	9.1	CRITICAL Network	vllm	vllm	vLLM is an inference and serving engine for large language models (LLMs). From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentica…	CWE-444 HTTP Request Smuggling	CVE-2026-48746	2026-06-25 01:49	2026-06-23	Show	GitHub Exploit DB Packet Storm