Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 7, 2026, 4:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
225531	7.5	危険	silcnet	-	SILC Toolkit などの lib/silcclient/command.c におけるフォーマットストリングの脆弱性	CWE-134 書式文字列の問題	CVE-2009-3163	2012-12-20 19:28	2009-09-10	Show	GitHub Exploit DB Packet Storm

225532	4.3	警告	x10media	-	x10 MP3 Search engine におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-3153	2012-12-20 19:28	2009-09-10	Show	GitHub Exploit DB Packet Storm

225533	5	警告	ultrize	-	Ultrize TimeSheet の actions/downloadFile.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2009-3151	2012-12-20 19:28	2009-09-10	Show	GitHub Exploit DB Packet Storm

225534	7.5	危険	portalxp	-	PortalXP Teacher Edition における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-3148	2012-12-20 19:28	2009-09-10	Show	GitHub Exploit DB Packet Storm

225535	5	警告	visavi	-	Wap-Motor の gallery/gallery.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2009-3123	2012-12-20 19:28	2009-09-9	Show	GitHub Exploit DB Packet Storm

225536	7.5	危険	x-iweb.ru	-	PHP-Fusion 用の dsmsf モジュールにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-3119	2012-12-20 19:28	2009-09-9	Show	GitHub Exploit DB Packet Storm

225537	7.5	危険	snowhall	-	Snow Hall Silurus System の category.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-3117	2012-12-20 19:28	2009-09-9	Show	GitHub Exploit DB Packet Storm

225538	7.5	危険	Uiga	-	Uiga Church Portal の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-3116	2012-12-20 19:28	2009-09-9	Show	GitHub Exploit DB Packet Storm

225539	5	警告	SolarWinds	-	SolarWinds TFTP Server におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2009-3115	2012-12-20 19:28	2009-09-9	Show	GitHub Exploit DB Packet Storm

225540	5.8	警告	シマンテック	-	Symantec Altiris Deployment Solution のファイル転送機能における重要なファイルを読み取られる脆弱性	CWE-362 競合状態	CVE-2009-3110	2012-12-20 19:28	2009-08-26	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
391	6.4	MEDIUM Network	-	-	The LatePoint plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to and including 5.5.0. This is due to insufficient input sanitization on the customer cabinet profi… New	CWE-79 Cross-site Scripting	CVE-2026-7457	2026-05-6 22:06	2026-05-6	Show	GitHub Exploit DB Packet Storm

392	7.5	HIGH Network	-	-	The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to insufficient escaping on the user supplied parameter and lack of su… New	CWE-89 SQL Injection	CVE-2026-1719	2026-05-6 22:06	2026-05-6	Show	GitHub Exploit DB Packet Storm

393	10.0	CRITICAL Network	vm2_project	vm2	vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0. New	CWE-94 CWE-693 Code Injection Protection Mechanism Failure	CVE-2026-26332	2026-05-6 21:24	2026-05-5	Show	GitHub Exploit DB Packet Storm

394	8.8	HIGH Adjacent	dlink	dir-605l_firmware	D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s… New	CWE-798 Use of Hard-coded Credentials	CVE-2026-42372	2026-05-6 21:20	2026-05-5	Show	GitHub Exploit DB Packet Storm

395	8.8	HIGH Adjacent	dlink	dir-605l_firmware	D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s… New	CWE-798 Use of Hard-coded Credentials	CVE-2026-42373	2026-05-6 21:19	2026-05-5	Show	GitHub Exploit DB Packet Storm

396	8.8	HIGH Adjacent	dlink	dir-600l_firmware	D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static… New	CWE-798 Use of Hard-coded Credentials	CVE-2026-42374	2026-05-6 21:18	2026-05-5	Show	GitHub Exploit DB Packet Storm

397	8.8	HIGH Adjacent	dlink	dir-600l_firmware	D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static… New	CWE-798 Use of Hard-coded Credentials	CVE-2026-42375	2026-05-6 21:17	2026-05-5	Show	GitHub Exploit DB Packet Storm

398	-		-	-	A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id at… New	CWE-122 CWE-843 Heap-based Buffer Overflow Type Confusion	CVE-2026-6210	2026-05-6 21:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

399	2.7	LOW Network	-	-	HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability . A component contains a security weakness in its input handling implementation, increasing the … New	CWE-522 Insufficiently Protected Credentials	CVE-2025-62345	2026-05-6 21:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

400	8.8	HIGH Network	-	-	HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized comma… New	CWE-77 CWE-351 CWE-451 Command Injection Insufficient Type Distinction User Interface (UI) Misrepresentation of Critical Information	CVE-2025-31951	2026-05-6 21:16	2026-05-6	Show	GitHub Exploit DB Packet Storm