Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 10, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
230901 7.5 危険 randshop - Randshop の index.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-3537 2012-12-20 18:02 2006-07-12 Show GitHub Exploit DB Packet Storm
230902 7.5 危険 ej3 - EJ3 TOPo の code/class_db_text.php における任意の PHP コードを実行される脆弱性 - CVE-2006-3536 2012-12-20 18:02 2006-07-12 Show GitHub Exploit DB Packet Storm
230903 5 警告 Nullsoft - Nullsoft SHOUTcast DSP におけるディレクトリトラバーサルの脆弱性 - CVE-2006-3535 2012-12-20 18:02 2006-07-12 Show GitHub Exploit DB Packet Storm
230904 7.8 危険 Nullsoft - Nullsoft SHOUTcast DSP におけるディレクトリトラバーサルの脆弱性 - CVE-2006-3534 2012-12-20 18:02 2006-07-12 Show GitHub Exploit DB Packet Storm
230905 5.8 警告 pivot - Pivot におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-3533 2012-12-20 18:02 2006-07-12 Show GitHub Exploit DB Packet Storm
230906 5.1 警告 pivot - Pivot の includes/edit_new.php における任意の PHP コードを実行される脆弱性 - CVE-2006-3532 2012-12-20 18:02 2006-07-12 Show GitHub Exploit DB Packet Storm
230907 7.5 危険 pivot - Pivot の includes/editor/insert_image.php における任意のファイルをアップロードされる脆弱性 - CVE-2006-3531 2012-12-20 18:02 2006-07-12 Show GitHub Exploit DB Packet Storm
230908 6.8 警告 Joomla! - Mambo 用の PccookBook Component の com_pccookbook/pccookbook.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2006-3530 2012-12-20 18:02 2006-07-12 Show GitHub Exploit DB Packet Storm
230909 2.1 注意 シマンテック - SODP の SODA および Virtual Desktop モジュール における重要なデータを読み取られる脆弱性 - CVE-2006-3457 2012-12-20 18:02 2006-08-1 Show GitHub Exploit DB Packet Storm
230910 4.3 警告 シマンテック - Symantec AntiVirus Corporate Edition などで使用される SAVRT.SYS デバイスドライバにおける任意のコードを実行される脆弱性 - CVE-2006-3455 2012-12-20 18:02 2006-10-23 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 10, 2026, 4:58 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
261 7.8 HIGH
Local 		- - PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes (used for isolated/PHPT test execution) as -d name=value command-line argu… New CWE-88
CWE-93
Argument Injection
CRLF Injection 		CVE-2026-41570 2026-05-9 02:16 2026-05-9 Show GitHub Exploit DB Packet Storm
262 - - - Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, aseHttpRequestHan… New - CVE-2026-38360 2026-05-9 02:16 2026-05-9 Show GitHub Exploit DB Packet Storm
263 8.2 HIGH
Network 		- - nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the librar… New CWE-121
Stack-based Buffer Overflow 		CVE-2026-29972 2026-05-9 02:16 2026-05-9 Show GitHub Exploit DB Packet Storm
264 8.8 HIGH
Network 		- - NPM package node-ts-ocr 1.0.15 is vulnerable to OS Command Injection via the invokeImageOcr function in src/index.js. New CWE-78
OS Command  		CVE-2025-63705 2026-05-9 02:16 2026-05-8 Show GitHub Exploit DB Packet Storm
265 9.8 CRITICAL
Network 		phpoffice phpspreadsheet PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when t… Update CWE-502
CWE-918
 Deserialization of Untrusted Data
Server-Side Request Forgery (SSRF)  		CVE-2026-34084 2026-05-9 02:10 2026-05-6 Show GitHub Exploit DB Packet Storm
266 5.4 MEDIUM
Network 		phpoffice phpspreadsheet PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HT… Update CWE-79
Cross-site Scripting 		CVE-2026-35453 2026-05-9 02:08 2026-05-6 Show GitHub Exploit DB Packet Storm
267 7.5 HIGH
Network 		torproject tor Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009. New CWE-837
 Improper Enforcement of a Single, Unique Action 		CVE-2026-44601 2026-05-9 02:07 2026-05-7 Show GitHub Exploit DB Packet Storm
268 7.5 HIGH
Network 		torproject tor Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006. New CWE-476
 NULL Pointer Dereference 		CVE-2026-44602 2026-05-9 02:06 2026-05-7 Show GitHub Exploit DB Packet Storm
269 9.8 CRITICAL
Network 		frappe erpnext ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on… Update CWE-94
Code Injection 		CVE-2026-38431 2026-05-9 02:06 2026-05-6 Show GitHub Exploit DB Packet Storm
270 8.8 HIGH
Network 		mathjs mathjs Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has… New CWE-915
 Improperly Controlled Modification of Dynamically-Determined Object Attributes 		CVE-2026-41139 2026-05-9 02:06 2026-05-7 Show GitHub Exploit DB Packet Storm