Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 7, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2281	9.6	緊急 Network	Ivanti	Xtraction	IvantiのXtractionにおけるファイル名やパス名の外部制御に関する脆弱性	CWE-73 ファイル名やパス名の外部制御	CVE-2026-8043	2026-05-15 10:54	2026-05-12	Show	GitHub Exploit DB Packet Storm

2282	7.5	重要 Network	pillarjs	multiparty	pillarjsのmultipartyにおける非効率的な正規表現の複雑さに関する脆弱性	CWE-1333 非効率的な正規表現の複雑さ	CVE-2026-8159	2026-05-15 10:54	2026-05-12	Show	GitHub Exploit DB Packet Storm

2283	7.5	重要 Network	pillarjs	multiparty	pillarjsのmultipartyにおける複数の脆弱性	CWE-1321 CWE-248	CVE-2026-8161	2026-05-15 10:53	2026-05-12	Show	GitHub Exploit DB Packet Storm

2284	7.5	重要 Network	pillarjs	multiparty	pillarjsのmultipartyにおける例外的な状態の処理に関する脆弱性	CWE-755 例外的な状態における不適切な処理	CVE-2026-8162	2026-05-15 10:53	2026-05-12	Show	GitHub Exploit DB Packet Storm

2285	5.3	警告 Network	Leon Timmermans	Crypt::Argon2	Leon TimmermansのCrypt::Argon2における複数の脆弱性	CWE-126 CWE-191	CVE-2026-8463	2026-05-15 10:53	2026-05-13	Show	GitHub Exploit DB Packet Storm

2286	7.2	重要 Network	IBM	IBM Security Verify Directory	IBMのIBM Security Verify Directoryにおける危険なタイプのファイルの無制限アップロードに関する脆弱性	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2025-36074	2026-05-15 10:53	2026-04-23	Show	GitHub Exploit DB Packet Storm

2287	8.8	重要 Local		-	アップルのmacOSにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2025-43524	2026-05-15 10:53	2026-05-12	Show	GitHub Exploit DB Packet Storm

2288	5.5	警告 Local	Linux	Linux Kernel	LinuxのLinux Kernelにおける有効期限後のメモリの解放の欠如に関する脆弱性	CWE-401 有効期限後のメモリの解放の欠如	CVE-2025-71287	2026-05-15 10:53	2026-05-6	Show	GitHub Exploit DB Packet Storm

2289	5.5	警告 Local	Linux	Linux Kernel	LinuxのLinux Kernelにおける有効期限後のメモリの解放の欠如に関する脆弱性	CWE-401 有効期限後のメモリの解放の欠如	CVE-2025-71288	2026-05-15 10:53	2026-05-6	Show	GitHub Exploit DB Packet Storm

2290	5.5	警告 Local	Linux	Linux Kernel	LinuxのLinux Kernelにおける不特定の脆弱性	CWE-noinfo 情報不足	CVE-2025-71289	2026-05-15 10:53	2026-05-6	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 7, 2026, 4:13 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
318821	8.6	HIGH Network	rocket.chat	rocket.chat	A Server-Side Request Forgery (SSRF) affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1.	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2024-39713	2024-09-7 02:35	2024-08-5	Show	GitHub Exploit DB Packet Storm

318822	-		-	-	The UsersWP WordPress plugin before 1.2.12 uses predictable filenames when an admin generates an export, which could allow unauthenticated attackers to download them and retrieve sensitive informati…	-	CVE-2024-6477	2024-09-7 02:35	2024-08-3	Show	GitHub Exploit DB Packet Storm

318823	7.2	HIGH Network	teamt5	threatsonar_anti-ransomware	ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, w…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2024-7694	2024-09-7 02:24	2024-08-12	Show	GitHub Exploit DB Packet Storm

318824	5.4	MEDIUM Network	wpextended	wp_extended	The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicate_post function due…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2024-8123	2024-09-7 02:20	2024-09-4	Show	GitHub Exploit DB Packet Storm

318825	6.1	MEDIUM Network	cisco	unified_communications_manager	A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could a…	CWE-79 Cross-site Scripting	CVE-2024-20488	2024-09-7 02:18	2024-08-22	Show	GitHub Exploit DB Packet Storm

318826	-		-	-	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-45294. Reason: This candidate is a duplicate of CVE-2024-45294. Notes: All CVE users should reference CVE-2024-452…	-	CVE-2024-45295	2024-09-7 02:15	2024-09-7	Show	GitHub Exploit DB Packet Storm

318827	-		-	-	The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Prio…	-	CVE-2024-45294	2024-09-7 02:15	2024-09-7	Show	GitHub Exploit DB Packet Storm

318828	9.8	CRITICAL Network	mozilla	thunderbird firefox_esr firefox	Memory safety bugs present in Firefox 129, Firefox ESR 128.1, and Thunderbird 128.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could…	CWE-787 Out-of-bounds Write	CVE-2024-8387	2024-09-7 02:15	2024-09-3	Show	GitHub Exploit DB Packet Storm

318829	9.8	CRITICAL Network	mozilla	firefox firefox_esr	A difference in the handling of StructFields and ArrayTypes in WASM could be used to trigger an exploitable type confusion vulnerability. This vulnerability affects Firefox < 130, Firefox ESR < 128.2…	CWE-843 Type Confusion	CVE-2024-8385	2024-09-7 02:15	2024-09-3	Show	GitHub Exploit DB Packet Storm

318830	9.8	CRITICAL Network	mozilla	firefox_esr firefox	The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption. This vulner…	CWE-787 Out-of-bounds Write	CVE-2024-8384	2024-09-7 02:15	2024-09-3	Show	GitHub Exploit DB Packet Storm