Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 12, 2026, 12:02 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
1781 8.1 重要
Network 		Zcash Foundation Zebra-consensus
Zebrad 		Zcash FoundationのZebra-consensus等の複数製品における誤った要素を使用した比較に関する脆弱性 CWE-1025
誤った要素を使用した比較 		CVE-2026-40880 2026-04-30 12:12 2026-04-21 Show GitHub Exploit DB Packet Storm
1782 7.5 重要
Network 		Zcash Foundation zebra-network
Zebrad 		Zcash Foundationのzebra-network等の複数製品における制限またはスロットリング無しのリソースの割り当てに関する脆弱性 CWE-770
制限またはスロットリング無しのリソースの割り当て 		CVE-2026-40881 2026-04-30 12:12 2026-04-21 Show GitHub Exploit DB Packet Storm
1783 6.5 警告
Network 		Frappe Frappe HR FrappeのFrappe HRにおけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2026-40888 2026-04-30 12:12 2026-04-21 Show GitHub Exploit DB Packet Storm
1784 6.5 警告
Network 		Frappe Frappe HR FrappeのFrappe HRにおけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2026-40889 2026-04-30 12:12 2026-04-21 Show GitHub Exploit DB Packet Storm
1785 8.8 重要
Network 		Jos de Jong math.js Math.jsにおける動的に決定されたオブジェクト属性の不適切に制御された変更に関する脆弱性 CWE-915
動的に決定されたオブジェクト属性の不適切に制御された変更 		CVE-2026-40897 2026-04-30 12:12 2026-04-24 Show GitHub Exploit DB Packet Storm
1786 8.8 重要
Network 		Paperclip paperclipai PaperclipのpaperclipaiにおけるOS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2026-41208 2026-04-30 12:12 2026-04-23 Show GitHub Exploit DB Packet Storm
1787 6.5 警告
Network 		Frappe Frappe HR FrappeのFrappe HRにおけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2026-41320 2026-04-30 12:12 2026-04-21 Show GitHub Exploit DB Packet Storm
1788 7.5 重要
Network 		chargepoint Home Flex CPH50 Firmware ChargePoint, Inc.のHome Flex CPH50 Firmwareにおける重要な情報を含むソースコードに関する脆弱性 CWE-540
機密情報を含むソースコード 		CVE-2026-4155 2026-04-30 12:12 2026-04-11 Show GitHub Exploit DB Packet Storm
1789 7.5 重要
Adjacent 		chargepoint Home Flex CPH50 Firmware ChargePoint, Inc.のHome Flex CPH50 Firmwareにおけるスタックベースのバッファオーバーフローの脆弱性 CWE-121
スタックオーバーフロー 		CVE-2026-4156 2026-04-30 12:12 2026-04-11 Show GitHub Exploit DB Packet Storm
1790 7.5 重要
Adjacent 		chargepoint Home Flex CPH50 Firmware ChargePoint, Inc.のHome Flex CPH50 FirmwareにおけるOS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2026-4157 2026-04-30 12:12 2026-04-11 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 12, 2026, 5:06 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
313571 6.5 MEDIUM
Network 		oretnom23 computer_laboratory_management_system Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete ca… NVD-CWE-noinfo
CVE-2024-41332 2024-08-22 03:53 2024-08-12 Show GitHub Exploit DB Packet Storm
313572 9.8 CRITICAL
Network 		tenda fh1206_firmware A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manip… CWE-787
 Out-of-bounds Write 		CVE-2024-7615 2024-08-22 03:48 2024-08-12 Show GitHub Exploit DB Packet Storm
313573 9.8 CRITICAL
Network 		tenda fh1206_firmware A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument p… CWE-787
 Out-of-bounds Write 		CVE-2024-7614 2024-08-22 03:48 2024-08-12 Show GitHub Exploit DB Packet Storm
313574 9.8 CRITICAL
Network 		tenda fh1206_firmware A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argume… CWE-787
 Out-of-bounds Write 		CVE-2024-7613 2024-08-22 03:47 2024-08-12 Show GitHub Exploit DB Packet Storm
313575 - - - An issue in the downloader.php component of TOSEI online store management system v4.02, v4.03, and v4.04 allows attackers to execute a directory traversal. - CVE-2024-43022 2024-08-22 03:35 2024-08-22 Show GitHub Exploit DB Packet Storm
313576 8.8 HIGH
Network 		pligg pligg_cms Pligg CMS v2.0.2 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/submit_page.php. CWE-352
 Origin Validation Error 		CVE-2024-42608 2024-08-22 03:35 2024-08-20 Show GitHub Exploit DB Packet Storm
313577 8.8 HIGH
Network 		siamonhasan warehouse_inventory_system A Cross-Site Request Forgery (CSRF) in the component add_group.php of Warehouse Inventory System v2.0 allows attackers to escalate privileges. CWE-352
 Origin Validation Error 		CVE-2024-42579 2024-08-22 03:35 2024-08-20 Show GitHub Exploit DB Packet Storm
313578 - - - In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not neede… - CVE-2024-20083 2024-08-22 03:35 2024-08-14 Show GitHub Exploit DB Packet Storm
313579 8.8 HIGH
Network 		ivanti endpoint_manager_mobile An insecure deserialization vulnerability in web component of EPMM prior to 12.1.0.1 allows an authenticated remote attacker to execute arbitrary commands on the underlying operating system of the ap… CWE-502
 Deserialization of Untrusted Data 		CVE-2024-36131 2024-08-22 03:35 2024-08-7 Show GitHub Exploit DB Packet Storm
313580 9.6 CRITICAL
Network 		koha koha Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via the additonal-contents.pl component. CWE-79
Cross-site Scripting 		CVE-2024-28740 2024-08-22 03:35 2024-08-7 Show GitHub Exploit DB Packet Storm