Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 7, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2121	9.1	緊急 Network	Canonical	LXD	CanonicalのLXDにおける入力確認に関する脆弱性	CWE-20 不適切な入力確認	CVE-2026-34178	2026-04-24 11:30	2026-04-9	Show	GitHub Exploit DB Packet Storm

2122	9.1	緊急 Network	Canonical	LXD	CanonicalのLXDにおける動的に決定されたオブジェクト属性の不適切に制御された変更に関する脆弱性	CWE-915 動的に決定されたオブジェクト属性の不適切に制御された変更	CVE-2026-34179	2026-04-24 11:30	2026-04-9	Show	GitHub Exploit DB Packet Storm

2123	5.4	警告 Network	Docmost	Docmost	Docmostにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-34212	2026-04-24 11:30	2026-04-14	Show	GitHub Exploit DB Packet Storm

2124	5.4	警告 Network	Docmost	Docmost	Docmostにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-34213	2026-04-24 11:30	2026-04-14	Show	GitHub Exploit DB Packet Storm

2125	6.5	警告 Network	オラクル	PeopleSoft Enterprise HCM Absence Management	オラクルのPeopleSoft Enterprise HCM Absence Managementにおける重要な機能に対する認証の欠如に関する脆弱性	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-34266	2026-04-24 11:30	2026-04-21	Show	GitHub Exploit DB Packet Storm

2126	4.9	警告 Network	オラクル	MySQL Server	オラクルのMySQL Serverにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2026-34267	2026-04-24 11:29	2026-04-21	Show	GitHub Exploit DB Packet Storm

2127	6.1	警告 Network	オラクル	PeopleSoft Enterprise PeopleTools	オラクルのPeopleSoft Enterprise PeopleToolsにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-34269	2026-04-24 11:29	2026-04-21	Show	GitHub Exploit DB Packet Storm

2128	6.5	警告 Network	オラクル	MySQL Server	オラクルのMySQL Serverにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2026-34270	2026-04-24 11:29	2026-04-21	Show	GitHub Exploit DB Packet Storm

2129	6.5	警告 Network	オラクル	MySQL Server	オラクルのMySQL Serverにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2026-34271	2026-04-24 11:29	2026-04-21	Show	GitHub Exploit DB Packet Storm

2130	6.5	警告 Network	オラクル	MySQL Server	オラクルのMySQL Serverにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2026-34272	2026-04-24 11:29	2026-04-21	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
391	6.4	MEDIUM Network	-	-	The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profi… New	CWE-79 Cross-site Scripting	CVE-2026-7457	2026-05-6 22:06	2026-05-6	Show	GitHub Exploit DB Packet Storm

392	7.5	HIGH Network	-	-	The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of su… New	CWE-89 SQL Injection	CVE-2026-1719	2026-05-6 22:06	2026-05-6	Show	GitHub Exploit DB Packet Storm

393	10.0	CRITICAL Network	vm2_project	vm2	vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0. New	CWE-94 CWE-693 Code Injection Protection Mechanism Failure	CVE-2026-26332	2026-05-6 21:24	2026-05-5	Show	GitHub Exploit DB Packet Storm

394	8.8	HIGH Adjacent	dlink	dir-605l_firmware	D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s… New	CWE-798 Use of Hard-coded Credentials	CVE-2026-42372	2026-05-6 21:20	2026-05-5	Show	GitHub Exploit DB Packet Storm

395	8.8	HIGH Adjacent	dlink	dir-605l_firmware	D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s… New	CWE-798 Use of Hard-coded Credentials	CVE-2026-42373	2026-05-6 21:19	2026-05-5	Show	GitHub Exploit DB Packet Storm

396	8.8	HIGH Adjacent	dlink	dir-600l_firmware	D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static… New	CWE-798 Use of Hard-coded Credentials	CVE-2026-42374	2026-05-6 21:18	2026-05-5	Show	GitHub Exploit DB Packet Storm

397	8.8	HIGH Adjacent	dlink	dir-600l_firmware	D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static… New	CWE-798 Use of Hard-coded Credentials	CVE-2026-42375	2026-05-6 21:17	2026-05-5	Show	GitHub Exploit DB Packet Storm

398	-		-	-	A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id at… New	CWE-122 CWE-843 Heap-based Buffer Overflow Type Confusion	CVE-2026-6210	2026-05-6 21:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

399	2.7	LOW Network	-	-	HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability . A component contains a security weakness in its input handling implementation, increasing the … New	CWE-522 Insufficiently Protected Credentials	CVE-2025-62345	2026-05-6 21:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

400	8.8	HIGH Network	-	-	HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized comma… New	CWE-77 CWE-351 CWE-451 Command Injection Insufficient Type Distinction User Interface (UI) Misrepresentation of Critical Information	CVE-2025-31951	2026-05-6 21:16	2026-05-6	Show	GitHub Exploit DB Packet Storm