Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 7, 2026, 10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
230511	5	警告	Apache Software Foundation	-	Apache POI におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2012-0213	2012-11-30 15:09	2012-08-7	Show	GitHub Exploit DB Packet Storm

230512	5	警告	日本電気アップルサイバートラスト株式会社サン・マイクロシステムズヒューレット・パッカード VMware 日立レッドハット	-	Sun JRE で使用している Apache Xerces2 Java におけるサービス運用妨害 (DoS) の脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-2625	2012-11-30 14:55	2009-08-5	Show	GitHub Exploit DB Packet Storm

230513	4.3	警告	オラクル	-	Oracle OpenSSO における認証の処理に関する脆弱性	CWE-noinfo 情報不足	CVE-2012-0079	2012-11-30 14:51	2012-01-17	Show	GitHub Exploit DB Packet Storm

230514	6.5	警告	Esri	-	ArcGIS Server に SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2012-4949	2012-11-30 13:41	2012-11-12	Show	GitHub Exploit DB Packet Storm

230515	2.1	注意	SGI	-	Performance Co-Pilot における任意のファイルを上書される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2012-5530	2012-11-30 12:02	2012-11-29	Show	GitHub Exploit DB Packet Storm

230516	5	警告	IBM	-	Tivoli Endpoint Manager for Remote Control Broker におけるサービス運用妨害 (リソース消費) の脆弱性	CWE-399 リソース管理の問題	CVE-2012-4841	2012-11-30 12:01	2012-11-29	Show	GitHub Exploit DB Packet Storm

230517	9.3	危険	ヒューレット・パッカード	-	HP Integrated Lights-Out 3 および Integrated Lights-Out 4 における重要な情報を取得される脆弱性	CWE-noinfo 情報不足	CVE-2012-3271	2012-11-30 12:01	2012-11-19	Show	GitHub Exploit DB Packet Storm

230518	7.8	危険	京セラ株式会社	-	複数の京セラ製携帯端末におけるメール受信時に再起動する問題	CWE-noinfo 情報不足	CVE-2012-5174	2012-11-30 12:01	2012-11-30	Show	GitHub Exploit DB Packet Storm

230519	9.3	危険	シマンテック	-	複数の Symantec 製品に脆弱性	CWE-119 バッファエラー	CVE-2012-4953	2012-11-30 11:52	2012-11-6	Show	GitHub Exploit DB Packet Storm

230520	5	警告	Google	-	Google CityHash におけるサービス運用妨害 (CPU 資源の消費) の脆弱性	CWE-310 暗号の問題	CVE-2012-6051	2012-11-29 16:16	2012-11-28	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
451	8.1	HIGH Network	-	-	In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted… New	CWE-89 SQL Injection	CVE-2026-44331	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

452	-		-	-	Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-se… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-40280	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

453	-		-	-	PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when t… New	CWE-502 CWE-918 Deserialization of Untrusted Data Server-Side Request Forgery (SSRF)	CVE-2026-34084	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

454	-		-	-	CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The l… New	CWE-863 Incorrect Authorization	CVE-2026-33489	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

455	-		-	-	Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details endpoint (GET /api/organizations/{org_id}/collections/details) is missing … New	CWE-862 Missing Authorization	CVE-2026-33420	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

456	-		-	-	SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided que… New	CWE-89 SQL Injection	CVE-2026-33324	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

457	-		-	-	CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decodi… New	CWE-400 Uncontrolled Resource Consumption	CVE-2026-32936	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

458	-		-	-	FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser control… New	CWE-472 External Control of Assumed-Immutable Web Parameter	CVE-2026-32699	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

459	-		-	-	Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink followin… New	CWE-61 UNIX Symbolic Link (Symlink) Following	CVE-2026-31893	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

460	8.1	HIGH Network	-	-	School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data. Update	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-7491	2026-05-6 05:16	2026-05-2	Show	GitHub Exploit DB Packet Storm