Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 14, 2026, 12:08 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
228491 4.3 警告 SAP - SAP WAS などの Web GUI におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2421 2012-12-20 18:52 2008-05-23 Show GitHub Exploit DB Packet Storm
228492 6.8 警告 stunnel - stunnel の OCSP 関数におけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-2420 2012-12-20 18:52 2008-05-23 Show GitHub Exploit DB Packet Storm
228493 6.8 警告 sazcart - SazCart の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2411 2012-12-20 18:52 2008-05-22 Show GitHub Exploit DB Packet Storm
228494 7.5 危険 サン・マイクロシステムズ - Sun Java ASP Server の管理アプリケーションサーバにおける認証を回避される脆弱性 CWE-287
不適切な認証 		CVE-2008-2406 2012-12-20 18:52 2008-06-3 Show GitHub Exploit DB Packet Storm
228495 7.5 危険 サン・マイクロシステムズ - Sun Java ASP Server における任意のコマンドを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-2405 2012-12-20 18:52 2008-06-3 Show GitHub Exploit DB Packet Storm
228496 10 危険 サン・マイクロシステムズ - Sun Java ASP Server のリクエスト処理実装におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2008-2404 2012-12-20 18:52 2008-06-3 Show GitHub Exploit DB Packet Storm
228497 5 警告 サン・マイクロシステムズ - Sun Java ASP Server の Admin Server におけるパスワードハッシュを読まれる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-2402 2012-12-20 18:52 2008-06-3 Show GitHub Exploit DB Packet Storm
228498 7.5 危険 サン・マイクロシステムズ - Sun Java ASP Server の Admin Server における任意の新規ファイルにアペンドされる脆弱性 CWE-20
不適切な入力確認 		CVE-2008-2401 2012-12-20 18:52 2008-06-3 Show GitHub Exploit DB Packet Storm
228499 7.2 危険 stunnel - stunnel における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-2400 2012-12-20 18:52 2008-05-22 Show GitHub Exploit DB Packet Storm
228500 7.5 危険 wajox software - Wajox Software microSSys CMS の index.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-2396 2012-12-20 18:52 2008-05-21 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 14, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2701 5.9 MEDIUM
Network 		perldancer dancer\ Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the proce… CWE-338
CWE-340
 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
 Generation of Predictable Numbers or Identifiers 		CVE-2026-5080 2026-05-5 11:54 2026-04-30 Show GitHub Exploit DB Packet Storm
2702 5.3 MEDIUM
Network 		asrmicro asr1901_firmware
asr1903_firmware 		NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/s… CWE-476
 NULL Pointer Dereference 		CVE-2026-42800 2026-05-5 11:54 2026-04-30 Show GitHub Exploit DB Packet Storm
2703 9.8 CRITICAL
Network 		asrmicro asr1803_firmware Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. This issue affects … CWE-125
Out-of-bounds Read 		CVE-2026-42799 2026-05-5 11:53 2026-04-30 Show GitHub Exploit DB Packet Storm
2704 9.8 CRITICAL
Network 		oppo coloros_assistant ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal. CWE-23
CWE-22
 Relative Path Traversal
Path Traversal 		CVE-2026-22070 2026-05-5 11:53 2026-04-30 Show GitHub Exploit DB Packet Storm
2705 7.5 HIGH
Network 		4d server Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adja… CWE-611
XXE 		CVE-2024-39847 2026-05-5 11:51 2026-04-30 Show GitHub Exploit DB Packet Storm
2706 9.8 CRITICAL
Network 		pylixm django-mdeditor All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary c… CWE-306
Missing Authentication for Critical Function 		CVE-2025-13030 2026-05-5 11:50 2026-04-30 Show GitHub Exploit DB Packet Storm
2707 4.8 MEDIUM
Network 		gnu wget2 wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpos… CWE-20
 Improper Input Validation  		CVE-2026-1858 2026-05-5 11:47 2026-04-30 Show GitHub Exploit DB Packet Storm
2708 9.8 CRITICAL
Network 		tenda w3002r_firmware
a302_firmware
w309r_firmware 		Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient se… CWE-290
 Authentication Bypass by Spoofing 		CVE-2018-25317 2026-05-5 11:46 2026-04-30 Show GitHub Exploit DB Packet Storm
2709 8.8 HIGH
Network 		geovision gv-lpc2011_firmware
gv-lpc2211_firmware 		An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An… CWE-78
OS Command  		CVE-2026-42364 2026-05-5 11:45 2026-05-4 Show GitHub Exploit DB Packet Storm
2710 6.5 MEDIUM
Network 		geovision gv-lpc2011_firmware
gv-lpc2211_firmware 		A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker … CWE-522
 Insufficiently Protected Credentials 		CVE-2026-42367 2026-05-5 11:45 2026-05-4 Show GitHub Exploit DB Packet Storm