Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 11, 2026, 6:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
231101	7.5	危険	gillius programming	-	GNE の ConsoleStreambuf.cpp におけるフォーマットストリングの脆弱性	-	CVE-2006-3908	2012-12-20 18:02	2006-07-27	Show	GitHub Exploit DB Packet Storm

231102	5	警告	シーメンス	-	Siemens SpeedStream におけるサービス運用妨害 (DoS) の脆弱性	-	CVE-2006-3907	2012-12-20 18:02	2006-07-27	Show	GitHub Exploit DB Packet Storm

231103	7.5	危険	mywebland	-	Webland MyBloggie における SQL インジェクションの脆弱性	-	CVE-2006-3905	2012-12-20 18:02	2006-07-27	Show	GitHub Exploit DB Packet Storm

231104	6.8	警告	Etomite Project	-	Etomite CMS の manager/index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2006-3904	2012-12-20 18:02	2006-07-27	Show	GitHub Exploit DB Packet Storm

231105	5.8	警告	mywebland	-	myWebland MyBloggie における CRLF インジェクションの脆弱性	-	CVE-2006-3903	2012-12-20 18:02	2006-07-27	Show	GitHub Exploit DB Packet Storm

231106	4.3	警告	phpfaber	-	phpFaber TopSites の index.php におけるクロスサイトスクリプティングの脆弱性	-	CVE-2006-3902	2012-12-20 18:02	2006-07-27	Show	GitHub Exploit DB Packet Storm

231107	7.5	危険	tumbleweed	-	Tumbleweed EMF におけるスタックベースのバッファオーバーフローの脆弱性	-	CVE-2006-3901	2012-12-20 18:02	2006-07-27	Show	GitHub Exploit DB Packet Storm

231108	6.8	警告	tobias kloy	-	TP-Book の guestbook.php におけるクロスサイトスクリプティングの脆弱性	-	CVE-2006-3900	2012-12-20 18:02	2006-07-27	Show	GitHub Exploit DB Packet Storm

231109	5	警告	マイクロソフト	-	Windows 上で稼動する Microsoft Internet Explorer 6.0 におけるサービス運用妨害 (DoS) の脆弱性	-	CVE-2006-3899	2012-12-20 18:02	2006-07-27	Show	GitHub Exploit DB Packet Storm

231110	5	警告	マイクロソフト	-	Windows 上で稼動する Microsoft Internet Explorer 6.0 におけるサービス運用妨害 (DoS) の脆弱性	-	CVE-2006-3898	2012-12-20 18:02	2006-07-27	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 12, 2026, 5:06 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
111	4.3	MEDIUM Network	weblate	weblate	Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. Th… Update	CWE-203 Information Exposure Through Discrepancy	CVE-2026-44263	2026-05-12 02:24	2026-05-8	Show	GitHub Exploit DB Packet Storm

112	7.5	HIGH Network	prometheus	prometheus	Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint (/api/v1/read) does not validate the declared decoded length in a… Update	CWE-400 CWE-789 Uncontrolled Resource Consumption Memory Allocation with Excessive Size Value	CVE-2026-42154	2026-05-12 02:22	2026-05-5	Show	GitHub Exploit DB Packet Storm

113	7.5	HIGH Network	prometheus	prometheus	Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the client_secret field in the Azure AD remote write OAuth configuration (storage/remote/a… Update	CWE-200 CWE-312 Information Exposure Cleartext Storage of Sensitive Information	CVE-2026-42151	2026-05-12 02:22	2026-05-5	Show	GitHub Exploit DB Packet Storm

114	6.5	MEDIUM Network	github	enterprise_server	An authentication bypass vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to create a local user account, bypassing the configured external identity p… New	CWE-306 Missing Authentication for Critical Function	CVE-2026-6736	2026-05-12 02:20	2026-05-8	Show	GitHub Exploit DB Packet Storm

115	9.9	CRITICAL Network	mozilla	0din_scanner	ai-scanner is an AI model safety scanner built on NVIDIA garak. From version 1.0.0 to before version 1.4.1, there is a remote code execution vulnerability via JavaScript injection in `BrowserAutomati… New	CWE-94 Code Injection	CVE-2026-41512	2026-05-12 02:20	2026-05-8	Show	GitHub Exploit DB Packet Storm

116	7.5	HIGH Network	github	enterprise_server	A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON p… New	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-7541	2026-05-12 02:19	2026-05-8	Show	GitHub Exploit DB Packet Storm

117	9.8	CRITICAL Network	github	enterprise_server	A server-side request forgery (SSRF) vulnerability was identified in the GitHub Enterprise Server notebook viewer that allowed an attacker to access internal services by exploiting URL parser confusi… New	CWE-436 CWE-918 Interpretation Conflict Server-Side Request Forgery (SSRF)	CVE-2026-8034	2026-05-12 02:18	2026-05-8	Show	GitHub Exploit DB Packet Storm

118	6.5	MEDIUM Network	-	-	Improper restriction of excessive authentication attempts (CWE-307) in pgAdmin 4. pgAdmin enforces MAX_LOGIN_ATTEMPTS only inside its custom /authenticate/login view. Flask-Security's default /login… New	CWE-307 mproper Restriction of Excessive Authentication Attempts	CVE-2026-7820	2026-05-12 02:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

119	8.1	HIGH Network	-	-	Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent k… New	CWE-61 UNIX Symbolic Link (Symlink) Following	CVE-2026-7819	2026-05-12 02:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

120	7.0	HIGH Local	-	-	Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents (using Python's standard object-seria… New	CWE-502 Deserialization of Untrusted Data	CVE-2026-7818	2026-05-12 02:16	2026-05-12	Show	GitHub Exploit DB Packet Storm