Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 6, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1821	9.8	緊急 Network	Elasticsearch B.V.	Logstash	Elasticsearch B.V.のLogstashにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-33466	2026-04-23 10:13	2026-04-8	Show	GitHub Exploit DB Packet Storm

1822	4.3	警告 Network	EspoCRM	EspoCRM	EspoCRMにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-33534	2026-04-23 10:13	2026-04-13	Show	GitHub Exploit DB Packet Storm

1823	7.8	重要 Local	Craig J. Bass (craigjbass)	ClearanceKit	Craig J. Bass (craigjbass)のClearanceKitにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2026-33632	2026-04-23 10:13	2026-03-26	Show	GitHub Exploit DB Packet Storm

1824	5.4	警告 Network	EspoCRM	EspoCRM	EspoCRMにおける複数の脆弱性	CWE-116 CWE-80	CVE-2026-33657	2026-04-23 10:13	2026-04-13	Show	GitHub Exploit DB Packet Storm

1825	3.1	低 Network	EspoCRM	EspoCRM	EspoCRMにおける複数の脆弱性	CWE-367 CWE-918	CVE-2026-33659	2026-04-23 10:12	2026-04-13	Show	GitHub Exploit DB Packet Storm

1826	5.4	警告 Network	EspoCRM	EspoCRM	EspoCRMにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-33740	2026-04-23 10:12	2026-04-13	Show	GitHub Exploit DB Packet Storm

1827	5.3	警告 Network	The Go Project	tiff	The Go Projectのtiffにおける危険なタイプのファイルの無制限アップロードに関する脆弱性	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2026-33809	2026-04-23 10:12	2026-03-25	Show	GitHub Exploit DB Packet Storm

1828	5.5	警告 Local	jqlang	jq	jqlangのjqにおける再帰制御に関する脆弱性	CWE-674 不適切な再帰制御	CVE-2026-33947	2026-04-23 10:12	2026-04-13	Show	GitHub Exploit DB Packet Storm

1829	5.3	警告 Network	jqlang	jq	jqlangのjqにおける複数の脆弱性	CWE-170 CWE-20	CVE-2026-33948	2026-04-23 10:12	2026-04-14	Show	GitHub Exploit DB Packet Storm

1830	4.3	警告 Network	openwebui	open webui	openwebuiのopen webuiにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-34225	2026-04-23 10:12	2026-04-14	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 6, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
314291	-		dlink	dsl-504t_firmware	D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecf…	CWE-425 Direct Request ('Forced Browsing')	CVE-2005-1827	2024-01-26 06:08	2005-05-26	Show	GitHub Exploit DB Packet Storm

314292	-		postnuke	postnuke	PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) …	CWE-425 Direct Request ('Forced Browsing')	CVE-2005-1698	2024-01-26 06:08	2005-05-24	Show	GitHub Exploit DB Packet Storm

314293	-		episodex	episodex_guestbook	episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp.	CWE-425 Direct Request ('Forced Browsing')	CVE-2005-1685	2024-01-26 06:07	2005-05-20	Show	GitHub Exploit DB Packet Storm

314294	9.1	CRITICAL Network	midicart	midicart_php midicart_php_plus midicart_php_maxi	MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to adm…	CWE-425 Direct Request ('Forced Browsing')	CVE-2002-1798	2024-01-26 06:04	2002-12-31	Show	GitHub Exploit DB Packet Storm

314295	-		hostingcontroller	hosting_controller	Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.	CWE-425 Direct Request ('Forced Browsing')	CVE-2005-1654	2024-01-26 06:03	2005-05-18	Show	GitHub Exploit DB Packet Storm

314296	-		yusasp	web_asset_manager	YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to assetmanager.asp.	CWE-425 Direct Request ('Forced Browsing')	CVE-2005-1668	2024-01-26 06:03	2005-05-18	Show	GitHub Exploit DB Packet Storm

314297	7.5	HIGH Network	iomega	nas_a300u_firmware	The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.	CWE-319 Cleartext Transmission of Sensitive Information	CVE-2002-1949	2024-01-26 06:00	2002-12-31	Show	GitHub Exploit DB Packet Storm

314298	7.5	HIGH Network	procom	netforce_800_firmware	Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain t…	CWE-319 Cleartext Transmission of Sensitive Information	CVE-2005-3140	2024-01-26 05:58	2005-10-6	Show	GitHub Exploit DB Packet Storm

314299	-		solarwinds	dameware_mini_remote_control	DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information.	CWE-319 Cleartext Transmission of Sensitive Information	CVE-2004-1852	2024-01-26 05:57	2004-03-23	Show	GitHub Exploit DB Packet Storm

314300	5.5	MEDIUM Local	macromedia	coldfusion	ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without usin…	CWE-470 Unsafe Reflection	CVE-2004-2331	2024-01-25 11:16	2004-12-31	Show	GitHub Exploit DB Packet Storm