Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 9, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
230941	7.2	危険	サイバートラスト株式会社 VMware Linux レッドハット	-	Linux kernel の drivers/scsi/mpt2sas/mpt2sas_ctl.c における権限を取得される脆弱性	CWE-20 不適切な入力確認	CVE-2011-1495	2012-12-20 13:39	2011-05-3	Show	GitHub Exploit DB Packet Storm

230942	6.9	警告	サイバートラスト株式会社 VMware Linux レッドハット	-	Linux kernel の _ctl_do_mpt_command 関数における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2011-1494	2012-12-20 12:30	2011-05-3	Show	GitHub Exploit DB Packet Storm

230943	1.2	注意	Boat Browser	-	Boat Browser および Boat Browser Mini における WebView クラスに関する脆弱性	CWE-Other その他	CVE-2012-5179	2012-12-20 12:01	2012-12-20	Show	GitHub Exploit DB Packet Storm

230944	9.3	危険	リアルネットワークス	-	RealNetworks RealPlayer および RealPlayer SP におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2012-5691	2012-12-20 11:50	2012-12-14	Show	GitHub Exploit DB Packet Storm

230945	9.3	危険	リアルネットワークス	-	RealNetworks RealPlayer および RealPlayer SP における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2012-5690	2012-12-20 11:45	2012-12-14	Show	GitHub Exploit DB Packet Storm

230946	7.2	危険	シマンテック	-	Symantec Enterprise Security Manager における権限を取得される脆弱性	CWE-Other その他	CVE-2012-4350	2012-12-20 11:38	2012-12-13	Show	GitHub Exploit DB Packet Storm

230947	9.3	危険	マイクロソフト	-	Microsoft Excel および Microsoft Office における任意のコードを実行される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2012-1847	2012-12-19 18:49	2012-05-8	Show	GitHub Exploit DB Packet Storm

230948	10	危険	サン・マイクロシステムズ VMware 日立ヒューレット・パッカードレッドハット	-	複数の Oracle 製品の 2D コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-3566	2012-12-19 18:15	2010-10-12	Show	GitHub Exploit DB Packet Storm

230949	10	危険	サン・マイクロシステムズサイバートラスト株式会社 VMware ヒューレット・パッカードレッドハット	-	複数の Oracle 製品の 2D コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-3565	2012-12-19 18:14	2010-10-12	Show	GitHub Exploit DB Packet Storm

230950	10	危険	サン・マイクロシステムズサイバートラスト株式会社 VMware ヒューレット・パッカードレッドハット	-	複数の Oracle 製品の Deployment コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-3563	2012-12-19 18:13	2010-10-12	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 10, 2026, 4:58 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
81	6.8	MEDIUM Network	-	-	SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly au… New	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-42291	2026-05-9 08:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

82	9.8	CRITICAL Network	gitpython_project	gitpython	GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)… New	CWE-88 Argument Injection	CVE-2026-42284	2026-05-9 08:16	2026-05-8	Show	GitHub Exploit DB Packet Storm

83	-		-	-	Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check th… New	CWE-601 Open Redirect	CVE-2026-42259	2026-05-9 08:16	2026-05-8	Show	GitHub Exploit DB Packet Storm

84	7.6	HIGH Network	-	-	ipl/web is a set of common web components for php projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the conte… New	CWE-79 Cross-site Scripting	CVE-2026-42224	2026-05-9 08:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

85	-		-	-	pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi() cast in parse_uri(… New	CWE-195 CWE-918 Signed to Unsigned Conversion Error Server-Side Request Forgery (SSRF)	CVE-2026-41682	2026-05-9 08:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

86	7.9	HIGH Local	-	-	Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when … New	CWE-200 CWE-312 Information Exposure Cleartext Storage of Sensitive Information	CVE-2026-41520	2026-05-9 08:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

87	7.1	HIGH Network	-	-	New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an … New	CWE-345 CWE-863 CWE-1188 Insufficient Verification of Data Authenticity Incorrect Authorization Insecure Default Initialization of Resource	CVE-2026-41432	2026-05-9 08:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

88	9.8	CRITICAL Network	-	-	ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered. New	CWE-94 Code Injection	CVE-2026-36458	2026-05-9 08:16	2026-05-8	Show	GitHub Exploit DB Packet Storm

89	-		-	-	Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service. The decimal library does not bound the exponent on parsed input. Storing a decimal … New	CWE-400 Uncontrolled Resource Consumption	CVE-2026-32686	2026-05-9 08:16	2026-05-8	Show	GitHub Exploit DB Packet Storm

90	9.8	CRITICAL Network	-	-	The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports bot… New	CWE-285 Improper Authorization	CVE-2026-30496	2026-05-9 08:16	2026-05-7	Show	GitHub Exploit DB Packet Storm