Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 12, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
229611	7.5	危険	XOOPS	-	Xoops 用の MyConference モジュールにおける SQL インジェクションの脆弱性	-	CVE-2007-2737	2012-12-20 18:19	2007-05-17	Show	GitHub Exploit DB Packet Storm

229612	7.5	危険	touteresa	-	Xoops 用の ResManager モジュールにおける SQL インジェクションの脆弱性	-	CVE-2007-2735	2012-12-20 18:19	2007-05-17	Show	GitHub Exploit DB Packet Storm

229613	10	危険	snaps gallery	-	Snaps! Gallery の Admin/users.php における任意のユーザ名を変更される脆弱性	-	CVE-2007-2715	2012-12-20 18:19	2007-05-16	Show	GitHub Exploit DB Packet Storm

229614	10	危険	tinyirc	-	TinyIdentD におけるスタックベースのバッファオーバーフローの脆弱性	-	CVE-2007-2711	2012-12-20 18:19	2007-05-16	Show	GitHub Exploit DB Packet Storm

229615	6.8	警告	simple php scripts gallery	-	sphp の Ivan Peevski gallery における任意の PHP コードを実行される脆弱性	-	CVE-2007-2679	2012-12-20 18:19	2007-05-14	Show	GitHub Exploit DB Packet Storm

229616	7.5	危険	phpchess	-	phpChess Community Edition における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-2677	2012-12-20 18:19	2007-05-14	Show	GitHub Exploit DB Packet Storm

229617	7.5	危険	PreProject.com	-	Pre Classifieds Listings の search.php における SQL インジェクションの脆弱性	-	CVE-2007-2675	2012-12-20 18:19	2007-05-14	Show	GitHub Exploit DB Packet Storm

229618	7.5	危険	PreProject.com	-	Pre Shopping Mall の detail.php における SQL インジェクションの脆弱性	-	CVE-2007-2674	2012-12-20 18:19	2007-05-14	Show	GitHub Exploit DB Packet Storm

229619	7.5	危険	thinc4orce marketing group	-	PHP Coupon Script の index.php における SQL インジェクションの脆弱性	-	CVE-2007-2672	2012-12-20 18:19	2007-05-14	Show	GitHub Exploit DB Packet Storm

229620	6.8	警告	webdesproxy	-	webdesproxy におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2007-2668	2012-12-20 18:19	2007-05-14	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 13, 2026, 5:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2001	5.1	MEDIUM Physics	-	-	ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any …	CWE-787 Out-of-bounds Write	CVE-2026-40003	2026-05-7 23:56	2026-05-7	Show	GitHub Exploit DB Packet Storm

2002	5.5	MEDIUM Physics	-	-	There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges.	CWE-427 Uncontrolled Search Path Element	CVE-2026-40004	2026-05-7 23:56	2026-05-7	Show	GitHub Exploit DB Packet Storm

2003	7.5	HIGH Network	-	-	When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring C…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-40981	2026-05-7 23:56	2026-05-7	Show	GitHub Exploit DB Packet Storm

2004	6.8	MEDIUM Network	-	-	Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint (/modules/sso/index.php/oidc/introspect) always returns {"active": true} for every re…	CWE-287 Improper Authentication	CVE-2026-41671	2026-05-7 23:54	2026-05-7	Show	GitHub Exploit DB Packet Storm

2005	-		-	-	A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the w…	CWE-88 Argument Injection	CVE-2026-7865	2026-05-7 23:53	2026-05-6	Show	GitHub Exploit DB Packet Storm

2006	9.1	CRITICAL Network	-	-	Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure. Apache::Session::Generate::ModUniqueId (added in version 1.54) uses the value of the UNIQUE_…	CWE-340 Generation of Predictable Numbers or Identifiers	CVE-2026-5081	2026-05-7 23:52	2026-05-6	Show	GitHub Exploit DB Packet Storm

2007	7.5	HIGH Network	-	-	A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to server crashes, out-of-memory exceptions or excessive …	-	CVE-2026-23870	2026-05-7 23:52	2026-05-7	Show	GitHub Exploit DB Packet Storm

2008	6.5	MEDIUM Network	-	-	RouterOS provides various services that rely on correct verification of client and server certificates to secure confidentiality and integrity of communications. This includes OpenVPN, CAPsMAN, Dot1x…	CWE-295 Improper Certificate Validation	CVE-2025-42611	2026-05-7 23:51	2026-05-5	Show	GitHub Exploit DB Packet Storm

2009	-		-	-	An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary data…	CWE-20 CWE-352 CWE-917 Improper Input Validation Origin Validation Error Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')	CVE-2026-28201	2026-05-7 23:51	2026-05-7	Show	GitHub Exploit DB Packet Storm

2010	-		-	-	Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS commands) on the docker container via Server-Side Template Injection (S…	CWE-20 Improper Input Validation	CVE-2026-33587	2026-05-7 23:51	2026-05-7	Show	GitHub Exploit DB Packet Storm