Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 5, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1451	5.3	警告 Network	Apache Software Foundation	Apache log4net	Apache Software FoundationのApache log4netにおけるエンコードおよびエスケープに関する脆弱性	CWE-116 不適切なエンコード、または出力のエスケープ	CVE-2026-40021	2026-04-24 11:42	2026-04-10	Show	GitHub Exploit DB Packet Storm

1452	5.3	警告 Network	Daniel Gatis	Rembg	Daniel GatisのRembgにおける複数の脆弱性	CWE-22 CWE-73	CVE-2026-40086	2026-04-24 11:42	2026-04-10	Show	GitHub Exploit DB Packet Storm

1453	5.4	警告 Network	FUTO	Immich	FUTOのImmichにおける複数の脆弱性	CWE-601 CWE-79	CVE-2026-40096	2026-04-24 11:42	2026-04-15	Show	GitHub Exploit DB Packet Storm

1454	8.2	重要 Network	XWiki	xwiki	XWikiのxwikiにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-40104	2026-04-24 11:41	2026-04-15	Show	GitHub Exploit DB Packet Storm

1455	6.1	警告 Network	XWiki	xwiki	XWikiのxwikiにおけるクロスサイトスクリプティングの脆弱性	CWE-80 クロスサイトスクリプティング (Basic XSS)	CVE-2026-40105	2026-04-24 11:41	2026-04-15	Show	GitHub Exploit DB Packet Storm

1456	6.1	警告 Network	Prometheus	Prometheus	Prometheusにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-40179	2026-04-24 11:41	2026-04-15	Show	GitHub Exploit DB Packet Storm

1457	7.5	重要 Network	Python Software Foundation	Python Pillow	Python Software FoundationのPython Pillowにおける複数の脆弱性	CWE-400 CWE-770	CVE-2026-40192	2026-04-24 11:41	2026-04-15	Show	GitHub Exploit DB Packet Storm

1458	8.2	重要 Network	maddy project	maddy	maddy projectのmaddyにおけるLDAP インジェクションの脆弱性	CWE-90 LDAP インジェクション	CVE-2026-40193	2026-04-24 11:41	2026-04-16	Show	GitHub Exploit DB Packet Storm

1459	7.1	重要 Local	OpenEXR	OpenEXR	OpenEXRにおける整数オーバーフローの脆弱性	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2026-40244	2026-04-24 11:41	2026-04-21	Show	GitHub Exploit DB Packet Storm

1460	7.1	重要 Local	OpenEXR	OpenEXR	OpenEXRにおける整数オーバーフローの脆弱性	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2026-40250	2026-04-24 11:41	2026-04-21	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 6, 2026, 4:08 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
347651	-	maildrop	maildrop	lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.	NVD-CWE-Other	CVE-2005-2655	2008-09-6 05:52	2005-08-31	Show	GitHub Exploit DB Packet Storm

347652	-	polygen	polygen	Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unautho…	NVD-CWE-Other	CVE-2005-2656	2008-09-6 05:52	2005-09-7	Show	GitHub Exploit DB Packet Storm

347653	-	softwolves_software	turquoise_superstat	Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 and earlier might allow remote NNTP servers to execute arbitrary code via a date with a long month.	NVD-CWE-Other	CVE-2005-2658	2008-09-6 05:52	2005-09-16	Show	GitHub Exploit DB Packet Storm

347654	-	apachetop	apachetop	apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug.	NVD-CWE-Other	CVE-2005-2660	2008-09-6 05:52	2005-10-1	Show	GitHub Exploit DB Packet Storm

347655	-	hauri	livecall virobot_advanced_server virobot_expert virobot_linux_server	Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via "…	NVD-CWE-Other	CVE-2005-2670	2008-09-6 05:52	2005-08-23	Show	GitHub Exploit DB Packet Storm

347656	-	woltlab	burning_board	SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) x or (2) y parameters.	NVD-CWE-Other	CVE-2005-2673	2008-09-6 05:52	2005-08-23	Show	GitHub Exploit DB Packet Storm

347657	-	coppermine	coppermine_photo_gallery	Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data.	NVD-CWE-Other	CVE-2005-2676	2008-09-6 05:52	2005-08-23	Show	GitHub Exploit DB Packet Storm

347658	-	acnews	acnews	ACNews stores the database in a file under the web document root with a db.inc extension and insufficient access control, which allows remote attackers to obtain sensitive information such as the ful…	NVD-CWE-Other	CVE-2005-2677	2008-09-6 05:52	2005-08-23	Show	GitHub Exploit DB Packet Storm

347659	-	sysinternals	process_explorer	Buffer overflow in Sysinternals Process Explorer 9.23, and other versions before 9.25, allows local users to execute arbitrary code via a long CompanyName field in the VersionInfo information in a ru…	NVD-CWE-Other	CVE-2005-2679	2008-09-6 05:52	2005-08-23	Show	GitHub Exploit DB Packet Storm

347660	-	-	-	nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter to a dig query.	NVD-CWE-Other	CVE-2005-2684	2008-09-6 05:52	2005-08-23	Show	GitHub Exploit DB Packet Storm