Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 6, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
229321 6.8 警告 ultimate helpdesk - Ultimate HelpDesk の index.asp におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-6380 2012-12-20 18:02 2006-12-7 Show GitHub Exploit DB Packet Storm
229322 7.5 危険 widcomm - BTSaveMySql における設定情報を取得される脆弱性 - CVE-2006-6378 2012-12-20 18:02 2006-12-7 Show GitHub Exploit DB Packet Storm
229323 7.5 危険 uploadscript - Uploadscript における admin パスワードハッシュを取得される脆弱性 - CVE-2006-6377 2012-12-20 18:02 2006-12-7 Show GitHub Exploit DB Packet Storm
229324 6.8 警告 Simple Machines - SMF の display.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-6375 2012-12-20 18:02 2006-12-7 Show GitHub Exploit DB Packet Storm
229325 7.5 危険 The phpMyAdmin Project - PhpMyAdmin における CRLF インジェクションの脆弱性 - CVE-2006-6374 2012-12-20 18:02 2006-12-7 Show GitHub Exploit DB Packet Storm
229326 5 警告 The phpMyAdmin Project - PhpMyAdmin における重要な情報を取得される脆弱性 - CVE-2006-6373 2012-12-20 18:02 2006-12-7 Show GitHub Exploit DB Packet Storm
229327 7.5 危険 sergey korostel - PHP Upload Center の activate.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-6360 2012-12-20 18:02 2006-12-7 Show GitHub Exploit DB Packet Storm
229328 6.8 警告 stefan frech - Stefan Frech online-bookmarks におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-6359 2012-12-20 18:02 2006-12-7 Show GitHub Exploit DB Packet Storm
229329 7.5 危険 stefan frech - Stefan Frech online-bookmarks の auth.inc における SQL インジェクションの脆弱性 - CVE-2006-6358 2012-12-20 18:02 2006-12-7 Show GitHub Exploit DB Packet Storm
229330 7.5 危険 SAP - SAP IGS におけるディレクトリトラバーサルの脆弱性 - CVE-2006-6345 2012-12-20 18:02 2006-12-6 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1581 - - - Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component _isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an au… - CVE-2026-38991 2026-04-30 01:16 2026-04-30 Show GitHub Exploit DB Packet Storm
1582 - - - Cross-Site Scripting (XSS) vulnerability exists in HTMLy version 3.1.1 in the content creation functionality at the /add/content?type=image endpoint. The application fails to properly sanitize user i… - CVE-2026-38949 2026-04-30 01:16 2026-04-29 Show GitHub Exploit DB Packet Storm
1583 6.1 MEDIUM
Network 		- - A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the uns… CWE-79
Cross-site Scripting 		CVE-2026-37750 2026-04-30 01:16 2026-04-29 Show GitHub Exploit DB Packet Storm
1584 7.5 HIGH
Network 		- - TOTOLINK A3002RU V3 <= V3.0.0-B20220304.1804 was discovered to contain a stack-based buffer overflow via the hostname parameter in the formMapDelDevice function. CWE-121
Stack-based Buffer Overflow 		CVE-2026-36837 2026-04-30 01:16 2026-04-30 Show GitHub Exploit DB Packet Storm
1585 3.3 LOW
Local 		uutils coreutils A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the [:graph:] and [:print:] character classes. The implementation mistakenly includes the ASCII space char… CWE-684
 Incorrect Provision of Specified Functionality 		CVE-2026-35379 2026-04-30 00:59 2026-04-23 Show GitHub Exploit DB Packet Storm
1586 5.5 MEDIUM
Local 		uutils coreutils A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' (two single quotes) as an empty delimiter. The implementation mistakenl… CWE-20
NVD-CWE-noinfo
 Improper Input Validation  		CVE-2026-35380 2026-04-30 00:57 2026-04-23 Show GitHub Exploit DB Packet Storm
1587 5.4 MEDIUM
Network 		openclaw openclaw OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-component… CWE-351
 Insufficient Type Distinction 		CVE-2026-41341 2026-04-30 00:56 2026-04-24 Show GitHub Exploit DB Packet Storm
1588 8.1 HIGH
Adjacent 		openclaw openclaw OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists unauthenticated discovery endpoints without explicit trust confirmation. Att… CWE-346
 Origin Validation Error 		CVE-2026-41342 2026-04-30 00:55 2026-04-24 Show GitHub Exploit DB Packet Storm
1589 8.8 HIGH
Network 		openclaw openclaw OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attack… CWE-863
 Incorrect Authorization 		CVE-2026-41344 2026-04-30 00:52 2026-04-24 Show GitHub Exploit DB Packet Storm
1590 10.0 CRITICAL
Network 		voidzero vite\+ Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager()` accepts an untrusted `version` string and uses it directly in filesystem paths. A… CWE-22
Path Traversal 		CVE-2026-41211 2026-04-30 00:49 2026-04-23 Show GitHub Exploit DB Packet Storm