Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 21, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
231661	7.5	危険	phpmyreports	-	phpMyReports の include/lib/lib_head.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-0571	2012-12-20 18:19	2007-01-30	Show	GitHub Exploit DB Packet Storm

231662	7.5	危険	x-dev	-	xNews の xNews.php における SQL インジェクションの脆弱性	-	CVE-2007-0569	2012-12-20 18:19	2007-01-30	Show	GitHub Exploit DB Packet Storm

231663	4	警告	シマンテック	-	SWS のライセンス登録インターフェースにおけるサービス運用妨害 (DoS) の脆弱性	-	CVE-2007-0564	2012-12-20 18:19	2007-01-24	Show	GitHub Exploit DB Packet Storm

231664	4.3	警告	シマンテック	-	SWS におけるクロスサイトスクリプティングの脆弱性	-	CVE-2007-0563	2012-12-20 18:19	2007-01-24	Show	GitHub Exploit DB Packet Storm

231665	7.5	危険	xero portal	-	Xero Portal における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-0561	2012-12-20 18:19	2007-01-30	Show	GitHub Exploit DB Packet Storm

231666	7.5	危険	rp world	-	RPW の config.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-0559	2012-12-20 18:19	2007-01-30	Show	GitHub Exploit DB Packet Storm

231667	7.2	危険	rmake	-	rMake における権限を取得される脆弱性	-	CVE-2007-0557	2012-12-20 18:19	2007-01-29	Show	GitHub Exploit DB Packet Storm

231668	6.8	警告	phproxy	-	PHProxy の index.inc.php におけるクロスサイトスクリプティングの脆弱性	-	CVE-2007-0553	2012-12-20 18:19	2007-01-29	Show	GitHub Exploit DB Packet Storm

231669	7.8	危険	toxiclab	-	Toxiclab Shoutbox におけるパスワードを含むデータベースをダウンロードされる脆弱性	-	CVE-2007-0546	2012-12-20 18:19	2007-01-29	Show	GitHub Exploit DB Packet Storm

231670	9.4	危険	zixforum	-	ZixForum におけるデータベースをダウンロードされる脆弱性	-	CVE-2007-0543	2012-12-20 18:19	2007-01-29	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 21, 2026, 4:10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
531	5.3	MEDIUM Network	-	-	An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset functionality under /OutsideCmd New	CWE-640 Weak Password Recovery Mechanism for Forgotten Password	CVE-2026-36438	2026-05-19 23:16	2026-05-19	Show	GitHub Exploit DB Packet Storm

532	9.1	CRITICAL Network	freertos	coremqtt	Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users s… Update	CWE-125 Out-of-bounds Read	CVE-2026-8686	2026-05-19 23:01	2026-05-16	Show	GitHub Exploit DB Packet Storm

533	9.8	CRITICAL Network	lmsys	sglang	SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the intern… New	CWE-502 Deserialization of Untrusted Data	CVE-2026-7301	2026-05-19 22:49	2026-05-18	Show	GitHub Exploit DB Packet Storm

534	9.1	CRITICAL Network	lmsys	sglang	SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by … New	CWE-35 Path Traversal: '.../...//'	CVE-2026-7302	2026-05-19 22:43	2026-05-18	Show	GitHub Exploit DB Packet Storm

535	9.8	CRITICAL Network	lmsys	sglang	SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will… New	CWE-502 Deserialization of Untrusted Data	CVE-2026-7304	2026-05-19 22:38	2026-05-18	Show	GitHub Exploit DB Packet Storm

536	7.0	HIGH Local	vim	vim	Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-lik… Update	CWE-78 CWE-88 OS Command Argument Injection	CVE-2026-46483	2026-05-19 21:27	2026-05-16	Show	GitHub Exploit DB Packet Storm

537	5.8	MEDIUM Network	traefik	traefik	Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.44, 3.6.15, and 3.7.0-rc.3, there is an information disclosure vulnerability in Traefik's errors (custom error pages) middleware. Whe… Update	CWE-201 Insertion of Sensitive Information Into Sent Data	CVE-2026-41181	2026-05-19 21:24	2026-05-16	Show	GitHub Exploit DB Packet Storm

538	9.9	CRITICAL Network	traefik	traefik	Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the RE… Update	CWE-284 Improper Access Control	CVE-2026-44774	2026-05-19 21:22	2026-05-16	Show	GitHub Exploit DB Packet Storm

539	5.4	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, the POST /api/v1/evaluations/feedback endpoint in Open WebUI v0.9.2 is vulnerable to… Update	CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-45396	2026-05-19 21:20	2026-05-16	Show	GitHub Exploit DB Packet Storm

540	5.3	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, GET /api/v1/retrieval/ returns live RAG pipeline configuration to any unauthenticate… Update	CWE-306 Missing Authentication for Critical Function	CVE-2026-45397	2026-05-19 21:19	2026-05-16	Show	GitHub Exploit DB Packet Storm