Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 8, 2026, noon

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2391 5.5 警告
Local 		International Color Consortium (ICC) iccDEV International Color Consortium (ICC)のiccDEVにおける未定義、未指定、または実装定義の動作への依存に関する脆弱性 CWE-758
未定義、未指定、または実装定義の動作への依存 		CVE-2026-34549 2026-04-21 10:47 2026-03-31 Show GitHub Exploit DB Packet Storm
2392 5.5 警告
Local 		International Color Consortium (ICC) iccDEV International Color Consortium (ICC)のiccDEVにおける数値型間の変換の誤りに関する脆弱性 CWE-681
数値型間の変換の誤り 		CVE-2026-34550 2026-04-21 10:47 2026-03-31 Show GitHub Exploit DB Packet Storm
2393 5.5 警告
Local 		International Color Consortium (ICC) iccDEV International Color Consortium (ICC)のiccDEVにおけるNULL ポインタデリファレンスに関する脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2026-34551 2026-04-21 10:47 2026-03-31 Show GitHub Exploit DB Packet Storm
2394 5.5 警告
Local 		International Color Consortium (ICC) iccDEV International Color Consortium (ICC)のiccDEVにおけるNULL ポインタデリファレンスに関する脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2026-34552 2026-04-21 10:47 2026-03-31 Show GitHub Exploit DB Packet Storm
2395 5.5 警告
Local 		International Color Consortium (ICC) iccDEV International Color Consortium (ICC)のiccDEVにおける境界外読み取りに関する脆弱性 CWE-125
境界外読み取り 		CVE-2026-34554 2026-04-21 10:47 2026-03-31 Show GitHub Exploit DB Packet Storm
2396 6.2 警告
Local 		International Color Consortium (ICC) iccDEV International Color Consortium (ICC)のiccDEVにおけるスタックベースのバッファオーバーフローの脆弱性 CWE-121
スタックオーバーフロー 		CVE-2026-34555 2026-04-21 10:47 2026-03-31 Show GitHub Exploit DB Packet Storm
2397 5.5 警告
Local 		International Color Consortium (ICC) iccDEV International Color Consortium (ICC)のiccDEVにおける境界外読み取りに関する脆弱性 CWE-125
境界外読み取り 		CVE-2026-34556 2026-04-21 10:47 2026-03-31 Show GitHub Exploit DB Packet Storm
2398 9.1 緊急
Network 		Vikunja Vikunja Vikunjaにおける認証に関する脆弱性 CWE-287
不適切な認証 		CVE-2026-34727 2026-04-21 10:47 2026-04-10 Show GitHub Exploit DB Packet Storm
2399 5.4 警告
Network 		vLLM vLLM vLLMにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2026-34753 2026-04-21 10:47 2026-04-6 Show GitHub Exploit DB Packet Storm
2400 6.5 警告
Network 		vLLM vLLM vLLMにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性 CWE-770
制限またはスロットリング無しのリソースの割り当て 		CVE-2026-34755 2026-04-21 10:47 2026-04-6 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 8, 2026, 4:54 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
111 7.7 HIGH
Local 		- - The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioct… New CWE-200
CWE-782
CWE-787
Information Exposure
 Exposed IOCTL with Insufficient Access Control
 Out-of-bounds Write 		CVE-2026-36355 2026-05-8 00:53 2026-05-5 Show GitHub Exploit DB Packet Storm
112 9.1 CRITICAL
Network 		- - The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint. New CWE-78
CWE-306
OS Command 
Missing Authentication for Critical Function 		CVE-2026-36356 2026-05-8 00:53 2026-05-5 Show GitHub Exploit DB Packet Storm
113 4.7 MEDIUM
Network 		- - ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage. New CWE-79
Cross-site Scripting 		CVE-2025-52206 2026-05-8 00:53 2026-05-6 Show GitHub Exploit DB Packet Storm
114 5.3 MEDIUM
Network 		- - An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthen… New CWE-696
 Incorrect Behavior Order 		CVE-2026-43002 2026-05-8 00:53 2026-05-6 Show GitHub Exploit DB Packet Storm
115 9.8 CRITICAL
Network 		- - Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitiza… New CWE-89
SQL Injection 		CVE-2026-38428 2026-05-8 00:53 2026-05-6 Show GitHub Exploit DB Packet Storm
116 7.7 HIGH
Network 		- - An issue was discovered in idrac in OpenStack Ironic before 35.0.1. During import, a user invoking molds can request authorization to be sent to a remote endpoint. The credential forwarded is a time-… New CWE-669
 Incorrect Resource Transfer Between Spheres 		CVE-2026-42997 2026-05-8 00:53 2026-05-6 Show GitHub Exploit DB Packet Storm
117 7.5 HIGH
Network 		- - Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14. New CWE-284
Improper Access Control 		CVE-2024-52911 2026-05-8 00:53 2026-05-6 Show GitHub Exploit DB Packet Storm
118 8.1 HIGH
Network 		- - In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted… New CWE-89
SQL Injection 		CVE-2026-44331 2026-05-8 00:53 2026-05-6 Show GitHub Exploit DB Packet Storm
119 3.4 LOW
Adjacent 		- - In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm. New CWE-327
 Use of a Broken or Risky Cryptographic Algorithm 		CVE-2026-44405 2026-05-8 00:53 2026-05-6 Show GitHub Exploit DB Packet Storm
120 - - - lxc is a Linux container runtime. In the setuid helper lxc-user-nic, the delete path contains a logic flaw in the find_line() function that allows an unprivileged user to delete OVS-attached network … New CWE-863
 Incorrect Authorization 		CVE-2026-39402 2026-05-8 00:53 2026-05-6 Show GitHub Exploit DB Packet Storm