Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 9, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
229951 7.5 危険 rediff - Rediff Bol Downloader OCX コントロールにおける重要な情報 (ユーザ名およびパス名) を取得される脆弱性 - CVE-2006-6838 2012-12-20 18:02 2006-12-31 Show GitHub Exploit DB Packet Storm
229952 6.8 警告 sergey oblomov - Total Commander 用の ISO プラグインの LoadTree などの関数におけるスタックベースのバッファオーバーフローの脆弱性 - CVE-2006-6837 2012-12-20 18:02 2006-12-31 Show GitHub Exploit DB Packet Storm
229953 7.5 危険 yrch - Yrch! の plugins/metasearch/plug.inc.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-6823 2012-12-20 18:02 2006-12-29 Show GitHub Exploit DB Packet Storm
229954 7.5 危険 vladimir menshakov - Vladimir Menshakov buratinable templator の process.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-6809 2012-12-20 18:02 2006-12-29 Show GitHub Exploit DB Packet Storm
229955 6.8 警告 WordPress.org - WordPress の wp-admin/templates.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-6808 2012-12-20 18:02 2006-12-28 Show GitHub Exploit DB Packet Storm
229956 7.5 危険 softwebsnepal - Softwebs Nepal Ananda Real Estate の list.asp における SQL インジェクションの脆弱性 - CVE-2006-6807 2012-12-20 18:02 2006-12-28 Show GitHub Exploit DB Packet Storm
229957 6.8 警告 sh-news - SH-News の misc.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-6801 2012-12-20 18:02 2006-12-28 Show GitHub Exploit DB Packet Storm
229958 7.5 危険 The Cacti Group - Cacti における SQL インジェクションの脆弱性 - CVE-2006-6799 2012-12-20 18:02 2006-12-28 Show GitHub Exploit DB Packet Storm
229959 7.5 危険 PHP Outburst - UPB の chat/login.php における任意の PHP コードを挿入される脆弱性 - CVE-2006-6790 2012-12-20 18:02 2006-12-27 Show GitHub Exploit DB Packet Storm
229960 7.5 危険 phpbbxtra - Phpbbxtra の includes/archive/archive_topic.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-6789 2012-12-20 18:02 2006-12-27 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 9, 2026, 5:07 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1471 8.8 HIGH
Network 		- - CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. CWE-89
SQL Injection 		CVE-2026-7489 2026-05-6 05:14 2026-05-2 Show GitHub Exploit DB Packet Storm
1472 7.2 HIGH
Network 		- - CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2026-7490 2026-05-6 05:14 2026-05-2 Show GitHub Exploit DB Packet Storm
1473 - - - Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5. CWE-732
 Incorrect Permission Assignment for Critical Resource 		CVE-2026-6499 2026-05-6 05:14 2026-05-4 Show GitHub Exploit DB Packet Storm
1474 - - - Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5. CWE-256
Plaintext Storage of a Password  		CVE-2026-6500 2026-05-6 05:14 2026-05-5 Show GitHub Exploit DB Packet Storm
1475 - - - Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5. CWE-611
XXE 		CVE-2026-6501 2026-05-6 05:14 2026-05-5 Show GitHub Exploit DB Packet Storm
1476 8.8 HIGH
Adjacent 		google android In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as… CWE-303
 Incorrect Implementation of Authentication Algorithm 		CVE-2026-0073 2026-05-6 04:54 2026-05-5 Show GitHub Exploit DB Packet Storm
1477 9.8 CRITICAL
Network 		- - Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager… CWE-306
Missing Authentication for Critical Function 		CVE-2026-42796 2026-05-6 04:50 2026-05-5 Show GitHub Exploit DB Packet Storm
1478 7.1 HIGH
Local 		- - Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal seq… CWE-23
 Relative Path Traversal 		CVE-2026-43616 2026-05-6 04:50 2026-05-5 Show GitHub Exploit DB Packet Storm
1479 7.5 HIGH
Network 		- - Easy PayPal Events & Tickets plugin for WordPress version 1.3 and earlier contain a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated rem… CWE-798
 Use of Hard-coded Credentials 		CVE-2026-32834 2026-05-6 04:47 2026-05-5 Show GitHub Exploit DB Packet Storm
1480 7.5 HIGH
Network 		- - Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier contain an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to en… CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-41471 2026-05-6 04:47 2026-05-5 Show GitHub Exploit DB Packet Storm