Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 9, 2026, 10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
11	5.5	警告 Local	Linux	Linux Kernel	LinuxのLinux Kernelにおける不特定の脆弱性 New	CWE-noinfo 情報不足	CVE-2026-31777	2026-05-8 12:24	2026-05-1	Show	GitHub Exploit DB Packet Storm

12	7.8	重要 Local	Linux	Linux Kernel	LinuxのLinux Kernelにおける境界外書き込みに関する脆弱性 New	CWE-787 境界外書き込み	CVE-2026-31786	2026-05-8 12:23	2026-04-30	Show	GitHub Exploit DB Packet Storm

13	7.8	重要 Local	Linux	Linux Kernel	LinuxのLinux Kernelにおける二重解放に関する脆弱性 New	CWE-415 二重解放	CVE-2026-31787	2026-05-8 12:23	2026-04-30	Show	GitHub Exploit DB Packet Storm

14	7.8	重要 Local	マイクロソフト	Azure Monitor Agent	Azure Monitor エージェントの特権昇格の脆弱性 New	CWE-20 不適切な入力確認	CVE-2026-32168	2026-05-8 12:23	2026-04-14	Show	GitHub Exploit DB Packet Storm

15	7.8	重要 Local	マイクロソフト	Azure Monitor Agent	Azure Monitor エージェントの特権昇格の脆弱性 New	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-32192	2026-05-8 12:23	2026-04-14	Show	GitHub Exploit DB Packet Storm

16	5.9	警告 Network	マイクロソフト	Microsoft .NET Framework	.NET Framework のサービス拒否の脆弱性 New	CWE-362 競合状態	CVE-2026-32226	2026-05-8 12:23	2026-04-14	Show	GitHub Exploit DB Packet Storm

17	8.8	重要 Network	Kubernetes	ingress-nginx	Kubernetesのingress-nginxにおける入力確認に関する脆弱性 New	CWE-20 CWE-noinfo	CVE-2026-3288	2026-05-8 12:23	2026-03-9	Show	GitHub Exploit DB Packet Storm

18	7.5	重要 Network	マイクロソフト	Microsoft .NET Framework .NET	.NET、.NET Framework、Visual Studio のサービス拒否の脆弱性 New	CWE-20 CWE-400 CWE-835	CVE-2026-33116	2026-05-8 12:23	2026-04-14	Show	GitHub Exploit DB Packet Storm

19	8.8	重要 Network	マイクロソフト	SQL Server 2016 SQL Server 2017 SQL Server 2022 SQL Server 2019 SQL Server 2025	Microsoft SQL Server のリモートコードが実行される脆弱性 New	CWE-822 信頼性のないポインタデリファレンス	CVE-2026-33120	2026-05-8 12:23	2026-04-14	Show	GitHub Exploit DB Packet Storm

20	5.9	警告 Network	Apache Software Foundation	Apache Log4j	Apache Software FoundationのApache Log4jにおける複数の脆弱性 New	CWE-295 CWE-297	CVE-2026-34477	2026-05-8 12:23	2026-04-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 9, 2026, 5:07 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
312671	7.5	HIGH Network	dorsettcontrols	infoscan	Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys.	NVD-CWE-noinfo	CVE-2024-39287	2024-08-29 23:23	2024-08-9	Show	GitHub Exploit DB Packet Storm

312672	3.7	LOW Network	dorsettcontrols	infoscan	The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure.	CWE-22 Path Traversal	CVE-2024-42408	2024-08-29 23:22	2024-08-9	Show	GitHub Exploit DB Packet Storm

312673	9.0	CRITICAL Network	vrcx-team	vrcx	VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to re…	CWE-79 Cross-site Scripting	CVE-2024-42366	2024-08-29 23:04	2024-08-9	Show	GitHub Exploit DB Packet Storm

312674	4.8	MEDIUM Network	concretecms	concrete_cms	Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName(). A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVS…	CWE-79 Cross-site Scripting	CVE-2024-7394	2024-08-29 22:41	2024-08-9	Show	GitHub Exploit DB Packet Storm

312675	9.8	CRITICAL Network	havocframework	havoc	An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2024-41570	2024-08-29 22:32	2024-08-12	Show	GitHub Exploit DB Packet Storm

312676	-		-	-	Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentia…	CWE-788 Access of Memory Location After End of Buffer	CVE-2024-38304	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm

312677	-		-	-	Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vu…	CWE-20 Improper Input Validation	CVE-2024-38303	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm

312678	7.2	HIGH Network	-	-	The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. This makes it possible for authenticat…	CWE-502 Deserialization of Untrusted Data	CVE-2022-2440	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm

312679	-		-	-	The OpenTelemetry Collector module AWS firehose receiver is for ingesting AWS Kinesis Data Firehose delivery stream messages and parsing the records received based on the configured record type. `aws…	-	CVE-2024-45043	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm

312680	-		-	-	Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function i…	-	CVE-2024-42905	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm