Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 24, 2026, noon

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
231171	4.3	警告	WordPress.org	-	WordPress 用の cordobo-green-park テーマの blogroll.php におけるクロスサイトスクリプティングの脆弱性	-	CVE-2007-3241	2012-12-20 18:19	2007-06-14	Show	GitHub Exploit DB Packet Storm

231172	4.3	警告	WordPress.org	-	WordPress 用の Vistered-Little テーマの 404.php におけるクロスサイトスクリプティングの脆弱性	-	CVE-2007-3240	2012-12-20 18:19	2007-06-14	Show	GitHub Exploit DB Packet Storm

231173	4.3	警告	WordPress.org	-	WordPress 用の AndyBlue テーマの searchform.php におけるクロスサイトスクリプティングの脆弱性	-	CVE-2007-3239	2012-12-20 18:19	2007-06-14	Show	GitHub Exploit DB Packet Storm

231174	6	警告	WordPress.org	-	WordPress のデフォルトテーマの functions.php におけるクロスサイトスクリプティングの脆弱性	-	CVE-2007-3238	2012-12-20 18:19	2007-06-14	Show	GitHub Exploit DB Packet Storm

231175	6.8	警告	XOOPS	-	XOOPS 用の TinyContent モジュールにおける PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-3237	2012-12-20 18:19	2007-06-12	Show	GitHub Exploit DB Packet Storm

231176	7.5	危険	XOOPS	-	XOOPS 用の Horoscope モジュールにおける PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-3236	2012-12-20 18:19	2007-06-14	Show	GitHub Exploit DB Packet Storm

231177	5	警告	tec-it	-	TEC-IT TBarCode OCX ActiveX コントロールにおける任意のファイルを上書きされる脆弱性	-	CVE-2007-3233	2012-12-20 18:19	2007-06-14	Show	GitHub Exploit DB Packet Storm

231178	6.8	警告	simian systems inc	-	Idan Sofer PHP::HTML の phphtml.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-3230	2012-12-20 18:19	2007-06-14	Show	GitHub Exploit DB Packet Storm

231179	6.8	警告	singapore	-	Singapore Gallery の index.php における重要な情報を取得される脆弱性	-	CVE-2007-3229	2012-12-20 18:19	2007-06-14	Show	GitHub Exploit DB Packet Storm

231180	6.8	警告	simian systems inc	-	Sitellite CMS における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-3228	2012-12-20 18:19	2007-06-14	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 24, 2026, 4:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1601	-		-	-	PlaywrightCapture is a simple replacement for splash using playwright. Prior to 1.39.6, PlaywrightCapture did not sufficiently restrict navigations and resource requests initiated by rendered pages. …	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-44439	2026-05-15 03:17	2026-05-14	Show	GitHub Exploit DB Packet Storm

1602	4.3	MEDIUM Network	-	-	Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permissi…	CWE-863 Incorrect Authorization	CVE-2026-44374	2026-05-15 03:17	2026-05-15	Show	GitHub Exploit DB Packet Storm

1603	9.8	CRITICAL Network	-	-	Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated o…	CWE-78 OS Command	CVE-2026-8500	2026-05-15 03:16	2026-05-14	Show	GitHub Exploit DB Packet Storm

1604	-		-	-	CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.	CWE-331 Insufficient Entropy	CVE-2026-4827	2026-05-15 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

1605	7.7	HIGH Network	getgrav	grav	Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire mer…	CWE-200 NVD-CWE-noinfo Information Exposure	CVE-2026-44738	2026-05-15 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

1606	2.5	LOW Local	-	-	PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFin…	CWE-415 Double Free	CVE-2026-44348	2026-05-15 03:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

1607	-		-	-	STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. Thi…	CWE-22 CWE-73 Path Traversal External Control of File Name or Path	CVE-2026-42881	2026-05-15 03:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

1608	8.1	HIGH Network	getgrav	grav	Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permissions) to overwrite existi…	CWE-269 CWE-285 CWE-639 CWE-837 Improper Privilege Management Improper Authorization Authorization Bypass Through User-Controlled Key Improper Enforcement of a Single, Unique Action	CVE-2026-42609	2026-05-15 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

1609	8.8	HIGH Network	arubanetworks	arubaos sd-wan	Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…	CWE-77 Command Injection	CVE-2026-44869	2026-05-15 03:15	2026-05-13	Show	GitHub Exploit DB Packet Storm

1610	1.8	LOW Physics	-	-	Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access.	CWE-693 Protection Mechanism Failure	CVE-2026-30904	2026-05-15 03:15	2026-05-14	Show	GitHub Exploit DB Packet Storm