Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 16, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
229621	7.5	危険	x-script	-	x-script GuestBook の mes_add.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-5189	2012-12-20 18:33	2007-10-3	Show	GitHub Exploit DB Packet Storm

229622	7.5	危険	XOOPS	-	Xoops の XOOPS アップローダークラスにおける任意のファイルをアップロードされる脆弱性	CWE-noinfo 情報不足	CVE-2007-5188	2012-12-20 18:33	2007-10-1	Show	GitHub Exploit DB Packet Storm

229623	7.5	危険	PHP-Fusion	-	PHP-Fusion 用の Expanded Calendar モジュールにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-5187	2012-12-20 18:33	2007-10-3	Show	GitHub Exploit DB Packet Storm

229624	6.8	警告	segue cms	-	Segue CMS の index.php における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2007-5186	2012-12-20 18:33	2007-10-3	Show	GitHub Exploit DB Packet Storm

229625	6.8	警告	phpwcms-xt	-	phpWCMS XT における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2007-5185	2012-12-20 18:33	2007-10-3	Show	GitHub Exploit DB Packet Storm

229626	7.5	危険	smbftpd	-	SmbFTPD の dirlist.c におけるフォーマットストリングの脆弱性	CWE-134 書式文字列の問題	CVE-2007-5184	2012-12-20 18:33	2007-09-30	Show	GitHub Exploit DB Packet Storm

229627	4.3	警告	y&k iletisim formu	-	Y&K Iletisim Formu の iletisim.asp におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-5179	2012-12-20 18:33	2007-10-3	Show	GitHub Exploit DB Packet Storm

229628	5	警告	quicksilver forums	-	Quicksilver Forums における重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2007-5172	2012-12-20 18:33	2007-10-1	Show	GitHub Exploit DB Packet Storm

229629	5	警告	quicksilver forums	-	Quicksilver Forums における任意の PMs を削除される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2007-5171	2012-12-20 18:33	2007-10-1	Show	GitHub Exploit DB Packet Storm

229630	5	警告	サン・マイクロシステムズ	-	Sun Fire X2100 M2 および ELOM の SP における任意のネットワークトラフィックを送信される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2007-5170	2012-12-20 18:33	2007-09-28	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 17, 2026, 4:15 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2321	7.6	HIGH Network	-	-	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a thro…	CWE-89 SQL Injection	CVE-2026-45213	2026-05-12 23:03	2026-05-12	Show	GitHub Exploit DB Packet Storm

2322	8.5	HIGH Network	-	-	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xp…	CWE-89 SQL Injection	CVE-2026-45214	2026-05-12 23:03	2026-05-12	Show	GitHub Exploit DB Packet Storm

2323	5.3	MEDIUM Network	-	-	Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal WP EasyPay wp-easy-pay allows Retrieve Embedded Sensitive Data.This issue affects WP EasyPay: from n/a through <= 4.3.0.	CWE-201 Insertion of Sensitive Information Into Sent Data	CVE-2026-45215	2026-05-12 23:03	2026-05-12	Show	GitHub Exploit DB Packet Storm

2324	7.7	HIGH Network	-	-	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a t…	CWE-89 SQL Injection	CVE-2026-45218	2026-05-12 23:03	2026-05-12	Show	GitHub Exploit DB Packet Storm

2325	4.8	MEDIUM Network	weblate	wlc	wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting…	CWE-79 Cross-site Scripting	CVE-2026-42150	2026-05-12 23:00	2026-05-8	Show	GitHub Exploit DB Packet Storm

2326	3.3	LOW Network	kimai	kimai	Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use #[IsGranted('edit_team')] instead of #[IsGranted('edit', 'team')], causing Symfony TeamVoter to …	CWE-862 Missing Authorization	CVE-2026-41498	2026-05-12 22:59	2026-05-8	Show	GitHub Exploit DB Packet Storm

2327	6.5	MEDIUM Network	onyx	onyx	Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by provi…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-42277	2026-05-12 22:58	2026-05-8	Show	GitHub Exploit DB Packet Storm

2328	5.9	MEDIUM Network	elabftw	elabftw	eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under…	CWE-302 Authentication Bypass by Assumed-Immutable Data	CVE-2026-28510	2026-05-12 22:58	2026-05-5	Show	GitHub Exploit DB Packet Storm

2329	9.1	CRITICAL Network	librenms	librenms	LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's in…	CWE-78 OS Command	CVE-2024-51092	2026-05-12 22:50	2026-05-8	Show	GitHub Exploit DB Packet Storm

2330	7.3	HIGH Network	astrbot	astrbot	AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a JWT.	CWE-321 Use of Hard-coded Cryptographic Key	CVE-2025-55449	2026-05-12 22:49	2026-05-8	Show	GitHub Exploit DB Packet Storm