Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 8, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2351 5.4 警告
Network 		WSO2 WSO2 API Manager WSO2のWSO2 API Managerにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-4867 2026-04-24 11:34 2026-04-16 Show GitHub Exploit DB Packet Storm
2352 7.5 重要
Network 		WSO2 WSO2 API Manager WSO2のWSO2 API ManagerにおけるXML 外部エンティティの脆弱性 CWE-611
XML 外部エンティティ参照の不適切な制限 		CVE-2024-8010 2026-04-24 11:34 2026-04-16 Show GitHub Exploit DB Packet Storm
2353 5.4 警告
Network 		WSO2 WSO2 Identity Server WSO2のWSO2 Identity Serverにおけるセッション期限に関する脆弱性 CWE-613
不適切なセッション期限 		CVE-2025-12624 2026-04-24 11:34 2026-04-16 Show GitHub Exploit DB Packet Storm
2354 8.2 重要
Network 		HCL Technologies Limited HCL BigFix Service Management (SM) HCL Technologies LimitedのHCL BigFix Service Management (SM)におけるHTTP リクエストスマグリングに関する脆弱性 CWE-444
HTTP リクエストスマグリング 		CVE-2025-31958 2026-04-24 11:34 2026-04-21 Show GitHub Exploit DB Packet Storm
2355 5.3 警告
Network 		HCL Technologies Limited HCL BigFix Service Management (SM) HCL Technologies LimitedのHCL BigFix Service Management (SM)における重要な情報の平文での送信に関する脆弱性 CWE-319
重要な情報の平文での送信 		CVE-2025-31981 2026-04-24 11:34 2026-04-21 Show GitHub Exploit DB Packet Storm
2356 6.1 警告
Network 		WSO2 WSO2 API Manager
WSO2 Identity Server 		WSO2のWSO2 API Manager等の複数製品におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2025-6024 2026-04-24 11:34 2026-04-16 Show GitHub Exploit DB Packet Storm
2357 6.5 警告
Network 		フォーティネット FortiOS
FortiPAM
FortiProxy
FortiSwitch Manager 		フォーティネットのFortiOS等の複数製品におけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2025-61624 2026-04-24 11:34 2026-04-14 Show GitHub Exploit DB Packet Storm
2358 5.4 警告
Network 		フォーティネット FortiSandbox
FortiSandbox Cloud 		フォーティネットのFortiSandbox等の複数製品におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2025-61886 2026-04-24 11:34 2026-04-14 Show GitHub Exploit DB Packet Storm
2359 5.3 警告
Network 		Apache Software Foundation Apache Doris-MCP-Server Apache Software FoundationのApache Doris-MCP-ServerにおけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2025-66335 2026-04-24 11:34 2026-04-20 Show GitHub Exploit DB Packet Storm
2360 6.5 警告
Network 		フォーティネット FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
FortiManager 		フォーティネットのFortiAnalyzer等の複数製品におけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2025-68649 2026-04-24 11:34 2026-04-14 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 9, 2026, 5:07 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
315351 - hypermail_development hypermail Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by reque… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2001-0901 2024-01-27 05:01 2001-11-19 Show GitHub Exploit DB Packet Storm
315352 - apache
ncsa 		http_server
ncsa_httpd 		phf CGI program allows remote command execution through shell metacharacters. CWE-78
OS Command  		CVE-1999-0067 2024-01-27 05:00 1996-03-20 Show GitHub Exploit DB Packet Storm
315353 - e107 e107 ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to imag… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2004-2262 2024-01-27 04:10 2004-12-31 Show GitHub Exploit DB Packet Storm
315354 - yvesglodt i-man I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension. CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2005-1868 2024-01-27 04:07 2005-06-9 Show GitHub Exploit DB Packet Storm
315355 - yapig yapig upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP co… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2005-1881 2024-01-27 04:07 2005-06-6 Show GitHub Exploit DB Packet Storm
315356 - deluxebb deluxebb DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupl… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2006-4558 2024-01-27 04:02 2006-09-6 Show GitHub Exploit DB Packet Storm
315357 - duware_dubanner_project duware_dubanner add.asp in DUware DUbanner 3.1 allows remote attackers to execute arbitrary code by uploading files with arbitrary extensions, such as ASP files, probably due to client-side enforcement that can be b… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2006-2428 2024-01-27 04:01 2006-05-17 Show GitHub Exploit DB Packet Storm
315358 - rockliffe mailsite_express Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the ca… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2005-3288 2024-01-27 04:01 2005-10-23 Show GitHub Exploit DB Packet Storm
315359 - linux
canonical
debian
mandriva 		linux_kernel
ubuntu_linux
debian_linux
linux 		The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from … CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2005-3181 2024-01-27 03:56 2005-10-12 Show GitHub Exploit DB Packet Storm
315360 - linux linux_kernel The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2.6.6, does not properly decrement the mm_count counter when an error occurs after the mm_struct for a child process has been activ… CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2004-0427 2024-01-27 03:56 2004-07-7 Show GitHub Exploit DB Packet Storm