Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 7, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2411 8.8 重要
Network 		OpenFGA OpenFGA
Helm Charts 		OpenFGAのHelm Charts等の複数製品における不正な認証に関する脆弱性 CWE-863
不正な認証 		CVE-2026-34972 2026-04-21 10:46 2026-04-6 Show GitHub Exploit DB Packet Storm
2412 9.8 緊急
Network 		man d-tale Man GroupのD-Taleにおけるクロスサイトスクリプティングの脆弱性 CWE-79
CWE-noinfo
CVE-2026-35052 2026-04-21 10:46 2026-04-6 Show GitHub Exploit DB Packet Storm
2413 5.4 警告
Network 		GoHugo Hugo GoHugoのHugoにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-35166 2026-04-21 10:46 2026-04-6 Show GitHub Exploit DB Packet Storm
2414 6.5 警告
Network 		Eugene Pankov Ajenti Eugene PankovのAjentiにおける認証の欠如に関する脆弱性 CWE-862
認証の欠如 		CVE-2026-35175 2026-04-21 10:46 2026-04-6 Show GitHub Exploit DB Packet Storm
2415 7.1 重要
Local 		Vim Vim Vimにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2026-35177 2026-04-21 10:46 2026-04-6 Show GitHub Exploit DB Packet Storm
2416 7.7 重要
Network 		pyLoad-ng project pyLoad-ng pyLoad-ng projectのpyLoad-ngにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2026-35187 2026-04-21 10:46 2026-04-6 Show GitHub Exploit DB Packet Storm
2417 7.5 重要
Network 		saleor saleor saleorにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性 CWE-770
制限またはスロットリング無しのリソースの割り当て 		CVE-2026-35401 2026-04-21 10:46 2026-04-8 Show GitHub Exploit DB Packet Storm
2418 9.3 緊急
Network 		Monospace Inc Directus Monospace IncのDirectusにおける複数の脆弱性 CWE-346
CWE-693
CVE-2026-35408 2026-04-21 10:46 2026-04-6 Show GitHub Exploit DB Packet Storm
2419 7.7 重要
Network 		Monospace Inc Directus Monospace IncのDirectusにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2026-35409 2026-04-21 10:46 2026-04-6 Show GitHub Exploit DB Packet Storm
2420 6.1 警告
Network 		Monospace Inc Directus Monospace IncのDirectusにおける複数の脆弱性 CWE-184
CWE-601
CVE-2026-35410 2026-04-21 10:46 2026-04-6 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
349091 - matt_wright formmail Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass the HTTP_REFERER check and conduct unauthorized activities via (1) a blank referer, (2) a spoofed referer with a trusted domain/… NVD-CWE-Other
CVE-2002-2109 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349092 - rca digital_cable_modem The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers to cause a denial of service (modem device reset) by connecting to port 80 on the 10.0.0.0/8 device. NVD-CWE-Other
CVE-2002-2110 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349093 - rca digital_cable_modem RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must conform to the Data-over-Cable Service Interface Specifications DOCSIS standard, uses the "public" community string for SNMP acc… NVD-CWE-Other
CVE-2002-2112 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349094 - agh htmlsearch search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the template parameter. NVD-CWE-Other
CVE-2002-2113 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349095 - hns hns
hns-lite 		Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) Lite before 0.9 and HNS before 2.10-pl2 allows remote attackers to inject arbitrary web script or HTML. NVD-CWE-Other
CVE-2002-2115 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349096 - netgear rm356
rt338 		Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap. NVD-CWE-Other
CVE-2002-2116 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349097 - qnx rtos Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to execute arbitrary code via long filename arguments to (1) Watcom or (2) int10. NVD-CWE-Other
CVE-2002-2120 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349098 - pointsec_mobile_technologies pointsec Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in plaintext, which allows a local attacker who steals an unlocked Palm to retrieve the PIN by dumping memory. NVD-CWE-Other
CVE-2002-2122 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349099 - pedestal_software integrity_protection_driver restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver installation for 20 minutes, which allows local users to insert malicious code by setting system clock to an earlier time. NVD-CWE-Other
CVE-2002-2126 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349100 - w-agora w-agora editform.php in w-Agora 4.1.5 allows local users to execute arbitrary PHP code via .. (dot dot) sequences in the file parameter. NVD-CWE-Other
CVE-2002-2128 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm