Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 28, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
6941	7.8	重要 Local	マイクロソフト	Microsoft 365 Apps Office Long Term Servicing Channel (LTSC)	Microsoft Word のリモートでコードが実行される脆弱性	CWE-416 解放済みメモリの使用	CVE-2026-33095	2026-05-1 10:48	2026-04-14	Show	GitHub Exploit DB Packet Storm

6942	9.3	緊急 Network	マイクロソフト	Microsoft 365 Copilot	Microsoft 365 Copilot の特権昇格の脆弱性	CWE-601 オープンリダイレクト	CVE-2026-33102	2026-05-1 10:48	2026-04-23	Show	GitHub Exploit DB Packet Storm

6943	8.4	重要 Local	マイクロソフト	Microsoft 365 Apps Office Long Term Servicing Channel (LTSC)	Microsoft Word のリモートでコードが実行される脆弱性	CWE-822 信頼性のないポインタデリファレンス	CVE-2026-33114	2026-05-1 10:48	2026-04-14	Show	GitHub Exploit DB Packet Storm

6944	8.4	重要 Local	マイクロソフト	Microsoft 365 Apps Office Long Term Servicing Channel (LTSC)	Microsoft Word のリモートでコードが実行される脆弱性	CWE-416 解放済みメモリの使用	CVE-2026-33115	2026-05-1 10:47	2026-04-14	Show	GitHub Exploit DB Packet Storm

6945	7.8	重要 Local	ggml.ai	llama.cpp	ggml.aiのllama.cppにおける複数の脆弱性	CWE-122 CWE-190	CVE-2026-33298	2026-05-1 10:47	2026-03-24	Show	GitHub Exploit DB Packet Storm

6946	6.1	警告 Local	マイクロソフト	Microsoft 365 Apps Office Long Term Servicing Channel (LTSC)	Microsoft Word の情報漏えいの脆弱性	CWE-125 境界外読み取り	CVE-2026-33822	2026-05-1 10:47	2026-04-14	Show	GitHub Exploit DB Packet Storm

6947	5.2	警告 Physics	wolfSSL Inc.	wolfSSL	wolfSSL Inc.のwolfSSLにおけるPRNG におけるシードの不正な使用に関する脆弱性	CWE-335 PRNGにおけるシードの不正な使用	CVE-2026-3503	2026-05-1 10:47	2026-03-19	Show	GitHub Exploit DB Packet Storm

6948	9.8	緊急 Network	wolfSSL Inc.	wolfSSL	wolfSSL Inc.のwolfSSLにおける複数の脆弱性	CWE-122 CWE-787 CWE-787	CVE-2026-3548	2026-05-1 10:47	2026-03-19	Show	GitHub Exploit DB Packet Storm

6949	5.9	警告 Network	VMware	Spring AI	VMwareのSpring AIにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-40966	2026-05-1 10:47	2026-04-28	Show	GitHub Exploit DB Packet Storm

6950	8.6	重要 Network	VMware	Spring AI	VMwareのSpring AIにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2026-40967	2026-05-1 10:47	2026-04-28	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 29, 2026, 4:19 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
321	9.8	CRITICAL Network	-	-	The Invoice Generator plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the pravel_invoice_edit_account() AJAX action in versions up to, and including, 1… New	CWE-269 Improper Privilege Management	CVE-2026-12415	2026-06-27 14:16	2026-06-27	Show	GitHub Exploit DB Packet Storm

322	9.6	CRITICAL Network	-	-	A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker mess… New	CWE-862 Missing Authorization	CVE-2026-11807	2026-06-27 14:16	2026-06-24	Show	GitHub Exploit DB Packet Storm

323	7.5	HIGH Network	-	-	Podman is a tool for managing OCI containers and pods. From 1.8.1 until 5.8.4, a container image that contains a environment variable with just a key and no value can trick podman into passing that v… New	CWE-200 CWE-668 Information Exposure Exposure of Resource to Wrong Sphere	CVE-2026-57231	2026-06-27 13:17	2026-06-27	Show	GitHub Exploit DB Packet Storm

324	7.1	HIGH Local	rtklib	rtklib	RTKLIB through 2.4.3 contains an out-of-bounds read vulnerability in getcodepri function when processing unrecognized RINEX observation codes, allowing attackers to trigger denial of service. Crafted… New	CWE-125 Out-of-bounds Read	CVE-2026-56788	2026-06-27 13:17	2026-06-26	Show	GitHub Exploit DB Packet Storm

325	8.8	HIGH Network	-	-	Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and mod… New	CWE-862 Missing Authorization	CVE-2026-56773	2026-06-27 13:17	2026-06-27	Show	GitHub Exploit DB Packet Storm

326	4.3	MEDIUM Network	-	-	RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of … New	CWE-862 Missing Authorization	CVE-2026-55838	2026-06-27 13:17	2026-06-27	Show	GitHub Exploit DB Packet Storm

327	6.3	MEDIUM Local	-	-	mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from local project config before any trust decision, then executes … New	CWE-78 OS Command	CVE-2026-55448	2026-06-27 13:17	2026-06-27	Show	GitHub Exploit DB Packet Storm

328	8.2	HIGH Network	-	-	RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. The ListRemoteTargetHa… New	CWE-200 CWE-522 CWE-862 CWE-863 Information Exposure Insufficiently Protected Credentials Missing Authorization Incorrect Authorization	CVE-2026-55188	2026-06-27 13:17	2026-06-27	Show	GitHub Exploit DB Packet Storm

329	9.6	CRITICAL Network	-	-	Budibase is an open-source low-code platform. Prior to 3.39.9, `POST /api/pwa/process-zip` at packages/server/src/api/routes/static.ts:24 accepts a builder-uploaded .zip, extracts it with extract-zip… New	CWE-22 CWE-59 Path Traversal Link Following	CVE-2026-54352	2026-06-27 13:17	2026-06-27	Show	GitHub Exploit DB Packet Storm

330	6.5	MEDIUM Network	-	-	Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, the previewFileFromExecution endpoint (GET /api/v1/{tenant}/executions/{executionId}/file/preview) contains … New	CWE-863 Incorrect Authorization	CVE-2026-53577	2026-06-27 13:17	2026-06-27	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed