Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 4, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
229411	5	警告	xyssl	-	XySSL におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2008-7129	2012-12-20 19:10	2009-08-31	Show	GitHub Exploit DB Packet Storm

229412	7.5	危険	xyssl	-	XySSL の ssl_parse_client_key_exchange 関数における鍵を回復される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-7128	2012-12-20 19:10	2009-08-31	Show	GitHub Exploit DB Packet Storm

229413	7.5	危険	zkup	-	zKup CMS における管理者権限を取得される脆弱性	CWE-287 不適切な認証	CVE-2008-7124	2012-12-20 19:10	2009-08-31	Show	GitHub Exploit DB Packet Storm

229414	6.8	警告	zkup	-	zKup CMS の admin/configuration/modifier.php における任意の PHP コード挿入される脆弱性	CWE-94 コード・インジェクション	CVE-2008-7123	2012-12-20 19:10	2009-08-31	Show	GitHub Exploit DB Packet Storm

229415	7.5	危険	WeBid Support	-	WeBid auction script の item.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-7119	2012-12-20 19:10	2009-08-28	Show	GitHub Exploit DB Packet Storm

229416	5	警告	WeBid Support	-	WeBid auction script における SQL クエリログを取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-7118	2012-12-20 19:10	2009-08-28	Show	GitHub Exploit DB Packet Storm

229417	5	警告	WeBid Support	-	WeBid auction script の eledicss.php における任意のカスケードスタイルシートファイル (CSS) を変更される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-7117	2012-12-20 19:10	2009-08-28	Show	GitHub Exploit DB Packet Storm

229418	7.5	危険	WeBid Support	-	WeBid auction script の admin panel における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-7116	2012-12-20 19:10	2009-08-28	Show	GitHub Exploit DB Packet Storm

229419	4.3	警告	phpcart	-	Carmosa phpCart におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-7108	2012-12-20 19:10	2009-08-28	Show	GitHub Exploit DB Packet Storm

229420	5	警告	ソフォス	-	Microsoft Exchange 用の Sophos PureMessage におけるスキャン保護のリモート回避をされる脆弱性	CWE-Other その他	CVE-2008-7106	2012-12-20 19:10	2009-08-27	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 4, 2026, 4:17 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
3801	6.5	MEDIUM Network	-	-	FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC meta…	CWE-200 CWE-212 Information Exposure Improper Removal of Sensitive Information Before Storage or Transfer	CVE-2026-27892	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

3802	5.3	MEDIUM Network	-	-	Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unpriv…	CWE-200 CWE-524 CWE-672 Information Exposure Use of Cache Containing Sensitive Information Operation on a Resource after Expiration or Release	CVE-2026-32244	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

3803	-		-	-	Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature…	CWE-862 Missing Authorization	CVE-2026-33514	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

3804	10.0	CRITICAL Network	-	-	HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated rem…	CWE-502 Deserialization of Untrusted Data	CVE-2026-43633	2026-05-19 23:43	2026-05-19	Show	GitHub Exploit DB Packet Storm

3805	6.5	MEDIUM Network	vercel	turborepo	Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the l…	CWE-352 CWE-384 Origin Validation Error Session Fixation	CVE-2026-45773	2026-05-19 23:41	2026-05-16	Show	GitHub Exploit DB Packet Storm

3806	9.8	CRITICAL Network	vercel	turborepo	Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted reposi…	CWE-426 Untrusted Search Path	CVE-2026-45772	2026-05-19 23:41	2026-05-16	Show	GitHub Exploit DB Packet Storm

3807	7.5	HIGH Network	ws_project	ws	ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the…	CWE-908 Use of Uninitialized Resource	CVE-2026-45736	2026-05-19 23:39	2026-05-16	Show	GitHub Exploit DB Packet Storm

3808	7.5	HIGH Network	-	-	The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like…	-	CVE-2025-15609	2026-05-19 23:38	2026-05-19	Show	GitHub Exploit DB Packet Storm

3809	9.8	CRITICAL Network	-	-	The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, an…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-4885	2026-05-19 23:38	2026-05-19	Show	GitHub Exploit DB Packet Storm

3810	9.8	CRITICAL Network	-	-	The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'piotnetforms_ajax_form_builder' function in all versions up to, and including…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-4883	2026-05-19 23:38	2026-05-19	Show	GitHub Exploit DB Packet Storm