Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 7, 2026, 2:09 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2051 5.9 警告
Network 		VMware Spring Framework VMwareのSpring Frameworkにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2026-22737 2026-04-24 11:33 2026-03-20 Show GitHub Exploit DB Packet Storm
2052 7.2 重要
Network 		デル PowerProtect DP Series Appliance
data domain operating system 		デルのdata domain operating system等の複数製品におけるOS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2026-23774 2026-04-24 11:33 2026-04-20 Show GitHub Exploit DB Packet Storm
2053 8.7 重要
Network 		decidim decidim Decidim Free Software AssociationのDecidimにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-23891 2026-04-24 11:33 2026-04-13 Show GitHub Exploit DB Packet Storm
2054 4.9 警告
Network 		OctoberCMS October OctoberCMSのOctoberにおける複数の脆弱性 CWE-200
CWE-94
CVE-2026-25125 2026-04-24 11:33 2026-04-14 Show GitHub Exploit DB Packet Storm
2055 6.7 警告
Network 		フォーティネット FortiSandbox
FortiSandbox Cloud 		フォーティネットのFortiSandbox等の複数製品におけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2026-25691 2026-04-24 11:33 2026-04-14 Show GitHub Exploit DB Packet Storm
2056 6.1 警告
Local 		Zulip Zulip Zulipにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2026-26058 2026-04-24 11:33 2026-04-3 Show GitHub Exploit DB Packet Storm
2057 8.8 重要
Network 		デル PowerProtect DP Series Appliance
data domain operating system 		デルのdata domain operating system等の複数製品における重要な機能に対する認証の欠如に関する脆弱性 CWE-306
重要な機能に対する認証の欠如 解説 		CVE-2026-26944 2026-04-24 11:33 2026-04-20 Show GitHub Exploit DB Packet Storm
2058 6.1 警告
Network 		Jeremiah Lowin FastMCP Jeremiah LowinのFastMCPにおけるフィルタリングの回避に関する脆弱性 CWE-441
フィルタリング回避 		CVE-2026-27124 2026-04-24 11:33 2026-04-3 Show GitHub Exploit DB Packet Storm
2059 2.7
Network 		フォーティネット FortiSandbox
FortiSandbox Cloud 		フォーティネットのFortiSandbox等の複数製品における認証情報の不十分な保護に関する脆弱性 CWE-522
認証情報の不十分な保護 		CVE-2026-27316 2026-04-24 11:33 2026-04-14 Show GitHub Exploit DB Packet Storm
2060 6.3 警告
Network 		OpenPrinting CUPS OpenPrintingのCUPSにおける不正な認証に関する脆弱性 CWE-863
不正な認証 		CVE-2026-27447 2026-04-24 11:32 2026-04-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
314601 - yvesglodt i-man I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension. CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2005-1868 2024-01-27 04:07 2005-06-9 Show GitHub Exploit DB Packet Storm
314602 - yapig yapig upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP co… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2005-1881 2024-01-27 04:07 2005-06-6 Show GitHub Exploit DB Packet Storm
314603 - deluxebb deluxebb DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupl… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2006-4558 2024-01-27 04:02 2006-09-6 Show GitHub Exploit DB Packet Storm
314604 - duware_dubanner_project duware_dubanner add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be b… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2006-2428 2024-01-27 04:01 2006-05-17 Show GitHub Exploit DB Packet Storm
314605 - rockliffe mailsite_express Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the ca… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2005-3288 2024-01-27 04:01 2005-10-23 Show GitHub Exploit DB Packet Storm
314606 - linux
canonical
debian
mandriva 		linux_kernel
ubuntu_linux
debian_linux
linux 		The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from … CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2005-3181 2024-01-27 03:56 2005-10-12 Show GitHub Exploit DB Packet Storm
314607 - linux linux_kernel The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activ… CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2004-0427 2024-01-27 03:56 2004-07-7 Show GitHub Exploit DB Packet Storm
314608 - openbsd openbsd Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP P… CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2004-0222 2024-01-27 03:55 2004-05-4 Show GitHub Exploit DB Packet Storm
314609 - freebsd freebsd Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count fo… CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2002-0574 2024-01-27 03:55 2002-07-3 Show GitHub Exploit DB Packet Storm
314610 - proftpd
mandrakesoft
debian
conectiva 		proftpd
mandrake_linux
debian_linux
linux 		Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed. CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2001-0136 2024-01-27 03:53 2001-03-12 Show GitHub Exploit DB Packet Storm