Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 4, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
1601 5.3 警告
Network 		HCL Technologies Limited HCL BigFix Service Management (SM) HCL Technologies LimitedのHCL BigFix Service Management (SM)における重要な情報の平文での送信に関する脆弱性 CWE-319
重要な情報の平文での送信 		CVE-2025-31981 2026-04-24 11:34 2026-04-21 Show GitHub Exploit DB Packet Storm
1602 6.1 警告
Network 		WSO2 WSO2 API Manager
WSO2 Identity Server 		WSO2のWSO2 API Manager等の複数製品におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2025-6024 2026-04-24 11:34 2026-04-16 Show GitHub Exploit DB Packet Storm
1603 6.5 警告
Network 		フォーティネット FortiOS
FortiPAM
FortiProxy
FortiSwitch Manager 		フォーティネットのFortiOS等の複数製品におけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2025-61624 2026-04-24 11:34 2026-04-14 Show GitHub Exploit DB Packet Storm
1604 5.4 警告
Network 		フォーティネット FortiSandbox
FortiSandbox Cloud 		フォーティネットのFortiSandbox等の複数製品におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2025-61886 2026-04-24 11:34 2026-04-14 Show GitHub Exploit DB Packet Storm
1605 5.3 警告
Network 		Apache Software Foundation Apache Doris-MCP-Server Apache Software FoundationのApache Doris-MCP-ServerにおけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2025-66335 2026-04-24 11:34 2026-04-20 Show GitHub Exploit DB Packet Storm
1606 6.5 警告
Network 		フォーティネット FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiManager 		フォーティネットのFortiAnalyzer等の複数製品におけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2025-68649 2026-04-24 11:34 2026-04-14 Show GitHub Exploit DB Packet Storm
1607 8.4 重要
Local 		Nitro Software Inc. Nitro PDF Pro Nitro Software Inc.のNitro PDF Proにおける解放済みメモリの使用に関する脆弱性 CWE-416
解放済みメモリの使用 		CVE-2025-69627 2026-04-24 11:34 2026-04-13 Show GitHub Exploit DB Packet Storm
1608 4.3 警告
Network 		Fortra GoAnywhere Managed File Transfer FortraのGoAnywhere Managed File Transferにおけるセッション期限に関する脆弱性 CWE-613
不適切なセッション期限 		CVE-2026-0971 2026-04-24 11:34 2026-04-21 Show GitHub Exploit DB Packet Storm
1609 5.4 警告
Network 		Fortra GoAnywhere Managed File Transfer FortraのGoAnywhere Managed File Transferにおけるインジェクションに関する脆弱性 CWE-74
インジェクション 		CVE-2026-0972 2026-04-24 11:34 2026-04-21 Show GitHub Exploit DB Packet Storm
1610 6.5 警告
Network 		Fortra GoAnywhere Managed File Transfer FortraのGoAnywhere Managed File Transferにおけるインジェクションに関する脆弱性 CWE-74
インジェクション 		CVE-2026-1089 2026-04-24 11:34 2026-04-21 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 4, 2026, 4:06 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
271 8.2 HIGH
Network 		traefik traefik Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a high severity authentication bypass vulnerability in Traefik's StripPrefixRegex middl… New CWE-706
 Use of Incorrectly-Resolved Name or Reference 		CVE-2026-40912 2026-05-2 02:42 2026-05-1 Show GitHub Exploit DB Packet Storm
272 7.1 HIGH
Network 		dell idrac10_firmware Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privilege… Update CWE-522
 Insufficiently Protected Credentials 		CVE-2026-35155 2026-05-2 02:40 2026-04-29 Show GitHub Exploit DB Packet Storm
273 6.1 MEDIUM
Network 		wso2 identity_server The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious Java… Update CWE-79
Cross-site Scripting 		CVE-2025-10503 2026-05-2 02:40 2026-04-29 Show GitHub Exploit DB Packet Storm
274 6.4 MEDIUM
Network 		traefik traefik Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolatio… New CWE-653
CWE-863
 Improper Isolation or Compartmentalization
 Incorrect Authorization 		CVE-2026-41174 2026-05-2 02:39 2026-05-1 Show GitHub Exploit DB Packet Storm
275 5.5 MEDIUM
Local 		samsung android Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application. Update NVD-CWE-noinfo
CVE-2026-21023 2026-05-2 02:39 2026-04-29 Show GitHub Exploit DB Packet Storm
276 3.7 LOW
Network 		traefik traefik Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a timing side-channel vulnerability in Traefik's BasicAuth middleware that allows an at… New CWE-208
 Information Exposure Through Timing Discrepancy 		CVE-2026-41263 2026-05-2 02:37 2026-05-1 Show GitHub Exploit DB Packet Storm
277 4.3 MEDIUM
Network 		- - A vulnerability has been found in Open5GS up to 2.7.7. This vulnerability affects the function amf_nsmf_pdusession_handle_update_sm_context of the file /src/amf/nsmf-handler.c of the component AMF. T… New CWE-404
 Improper Resource Shutdown or Release 		CVE-2026-7587 2026-05-2 02:16 2026-05-2 Show GitHub Exploit DB Packet Storm
278 - - - AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but … New - CVE-2026-42485 2026-05-2 02:16 2026-05-2 Show GitHub Exploit DB Packet Storm
279 - - - Buffer overflow vulnerability in socketcand 0.4.2 in file socketcand.c in function main allows attackers to cause a denial of service or other unspecified impacts via crafted bus_name. New - CVE-2026-37538 2026-05-2 02:16 2026-05-2 Show GitHub Exploit DB Packet Storm
280 8.1 HIGH
Adjacent 		- - collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 (2023-03-08) contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At… New - CVE-2026-37537 2026-05-2 02:16 2026-05-2 Show GitHub Exploit DB Packet Storm