Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 25, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
811	8.8	重要 Network	オラクル	Oracle Process Manufacturing Process Planning	オラクルのOracle Process Manufacturing Process Planningにおける複数の脆弱性	CWE-269 CWE-284 CWE-287 CWE-306	CVE-2026-46942	2026-06-22 11:33	2026-06-17	Show	GitHub Exploit DB Packet Storm

812	8.8	重要 Network	オラクル	Oracle Quality	オラクルのOracle Qualityにおける複数の脆弱性	CWE-269 CWE-287 CWE-306	CVE-2026-46951	2026-06-22 11:33	2026-06-17	Show	GitHub Exploit DB Packet Storm

813	8.8	重要 Network	オラクル	Oracle Quality	オラクルのOracle Qualityにおける複数の脆弱性	CWE-269 CWE-287 CWE-306	CVE-2026-46952	2026-06-22 11:33	2026-06-17	Show	GitHub Exploit DB Packet Storm

814	7.2	重要 Network	オラクル	Oracle Human Resource Management Software	オラクルのOracle Human Resource Management Softwareにおける権限管理に関する脆弱性	CWE-269 不適切な権限管理	CVE-2026-46953	2026-06-22 11:33	2026-06-17	Show	GitHub Exploit DB Packet Storm

815	7.2	重要 Network	オラクル	Oracle Property Manager	オラクルのOracle Property Managerにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46956	2026-06-22 11:33	2026-06-17	Show	GitHub Exploit DB Packet Storm

816	7.2	重要 Network	オラクル	Oracle Project Portfolio Analysis	オラクルのOracle Project Portfolio Analysisにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46960	2026-06-22 11:33	2026-06-17	Show	GitHub Exploit DB Packet Storm

817	8.8	重要 Network	オラクル	Oracle Project Portfolio Analysis	オラクルのOracle Project Portfolio Analysisにおける複数の脆弱性	CWE-269 CWE-287 CWE-306	CVE-2026-46961	2026-06-22 11:33	2026-06-17	Show	GitHub Exploit DB Packet Storm

818	8.8	重要 Network	オラクル	Oracle Project Portfolio Analysis	オラクルのOracle Project Portfolio Analysisにおける複数の脆弱性	CWE-269 CWE-287 CWE-306	CVE-2026-46962	2026-06-22 11:33	2026-06-17	Show	GitHub Exploit DB Packet Storm

819	7.2	重要 Network	オラクル	Oracle Financials for EMEA	オラクルのOracle Financials for EMEAにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-46969	2026-06-22 11:33	2026-06-17	Show	GitHub Exploit DB Packet Storm

820	7.2	重要 Network	オラクル	Oracle HR Intelligence	オラクルのOracle HR Intelligenceにおける権限管理に関する脆弱性	CWE-269 不適切な権限管理	CVE-2026-46970	2026-06-22 11:33	2026-06-17	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 25, 2026, 4:04 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
259511	8.8	HIGH Network	gaku	tablacus_explorer	Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory.	CWE-74 Injection	CVE-2017-2140	2024-11-21 12:22	2017-04-29	Show	GitHub Exploit DB Packet Storm

259512	5.3	MEDIUM Network	frogman_office_inc	cs-cart	CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction…	CWE-425 Direct Request ('Forced Browsing')	CVE-2017-2139	2024-11-21 12:22	2017-04-29	Show	GitHub Exploit DB Packet Storm

259513	3.7	LOW Network	netgear	prosafe_plus_configuration_utility	ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests.	NVD-CWE-noinfo	CVE-2017-2137	2024-11-21 12:22	2017-04-29	Show	GitHub Exploit DB Packet Storm

259514	6.1	MEDIUM Network	wp_statistics	wp_statistics	Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.	CWE-79 Cross-site Scripting	CVE-2017-2136	2024-11-21 12:22	2017-04-29	Show	GitHub Exploit DB Packet Storm

259515	6.1	MEDIUM Network	wp-statistics	wp_statistics	Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 Cross-site Scripting	CVE-2017-2135	2024-11-21 12:22	2017-04-29	Show	GitHub Exploit DB Packet Storm

259516	6.1	MEDIUM Network	uchida	assetbase	Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 Cross-site Scripting	CVE-2017-2134	2024-11-21 12:22	2017-04-29	Show	GitHub Exploit DB Packet Storm

259517	7.8	HIGH Local	securebrain	phishwall_client	Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unsp…	CWE-426 Untrusted Search Path	CVE-2017-2130	2024-11-21 12:22	2017-04-29	Show	GitHub Exploit DB Packet Storm

259518	8.8	HIGH Network	information-technology_promotion_agency	introduction_to_safe_website_operation	Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data.	CWE-78 OS Command	CVE-2017-2128	2024-11-21 12:22	2017-04-29	Show	GitHub Exploit DB Packet Storm

259519	5.4	MEDIUM Network	yop-poll	yop_poll	Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 Cross-site Scripting	CVE-2017-2127	2024-11-21 12:22	2017-04-29	Show	GitHub Exploit DB Packet Storm

259520	8.8	HIGH Network	allied_telesis_k.k.	centrecom_ar260s_v2_firmware	Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account.	NVD-CWE-noinfo	CVE-2017-2125	2024-11-21 12:22	2017-04-29	Show	GitHub Exploit DB Packet Storm