Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 9, 2026, 2 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2441 6.5 警告
Network 		Elasticsearch B.V. Kibana Elasticsearch B.V.のKibanaにおける不正な認証に関する脆弱性 CWE-863
不正な認証 		CVE-2026-33461 2026-04-24 11:30 2026-04-8 Show GitHub Exploit DB Packet Storm
2442 4.8 警告
Network 		cryptomator cryptomator cryptomatorにおける複数の脆弱性 CWE-305
CWE-319
CVE-2026-33472 2026-04-24 11:30 2026-04-16 Show GitHub Exploit DB Packet Storm
2443 5.5 警告
Network 		Pinchtab PinchTab PinchtabのPinchTabにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2026-33619 2026-04-24 11:30 2026-03-26 Show GitHub Exploit DB Packet Storm
2444 6.5 警告
Network 		Pinchtab PinchTab PinchtabのPinchTabにおける複数の脆弱性 CWE-290
CWE-770
CVE-2026-33621 2026-04-24 11:30 2026-03-26 Show GitHub Exploit DB Packet Storm
2445 7.5 重要
Network 		InternLM LMDeploy InternLMのLMDeployにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2026-33626 2026-04-24 11:30 2026-04-20 Show GitHub Exploit DB Packet Storm
2446 6.1 警告
Network 		Project Jupyter JupyterHub Project JupyterのJupyterHubにおけるオープンリダイレクトの脆弱性 CWE-601
オープンリダイレクト 		CVE-2026-33709 2026-04-24 11:30 2026-04-3 Show GitHub Exploit DB Packet Storm
2447 7.2 重要
Network 		Chamilo Association Chamilo LMS Chamilo AssociationのChamilo LMSにおけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2026-33714 2026-04-24 11:30 2026-04-14 Show GitHub Exploit DB Packet Storm
2448 7.2 重要
Network 		Chamilo Association Chamilo LMS Chamilo AssociationのChamilo LMSにおける複数の脆弱性 CWE-306
CWE-918
CVE-2026-33715 2026-04-24 11:30 2026-04-14 Show GitHub Exploit DB Packet Storm
2449 9.1 緊急
Network 		Open JS Foundation fastify/middie Open JS Foundationの@fastify/middieにおける解釈の競合に関する脆弱性 CWE-436
解釈の競合 		CVE-2026-33804 2026-04-24 11:30 2026-04-16 Show GitHub Exploit DB Packet Storm
2450 4.3 警告
Network 		LangGenius, Inc. Dify LangGenius, Inc.のDifyにおける複数の脆弱性 CWE-284
CWE-863
CVE-2026-34082 2026-04-24 11:30 2026-04-20 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 9, 2026, 5:07 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
315161 7.5 HIGH
Network 		cisco unified_wireless_ip_phone_7920_firmware Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. CWE-798
 Use of Hard-coded Credentials 		CVE-2005-3803 2024-02-14 01:48 2005-11-24 Show GitHub Exploit DB Packet Storm
315162 7.5 HIGH
Network 		utstarcom f1000_wi-fi_firmware The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive… CWE-798
 Use of Hard-coded Credentials 		CVE-2005-3716 2024-02-14 01:48 2005-11-21 Show GitHub Exploit DB Packet Storm
315163 9.8 CRITICAL
Network 		arkeia network_backup Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands. CWE-798
 Use of Hard-coded Credentials 		CVE-2005-0496 2024-02-14 01:48 2005-02-21 Show GitHub Exploit DB Packet Storm
315164 - iisprotect iisprotect SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certai… CWE-89
SQL Injection 		CVE-2003-0377 2024-02-14 01:47 2003-06-16 Show GitHub Exploit DB Packet Storm
315165 9.8 CRITICAL
Network 		linksys wap54g_firmware Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitr… CWE-798
 Use of Hard-coded Credentials 		CVE-2010-1573 2024-02-14 01:43 2010-06-10 Show GitHub Exploit DB Packet Storm
315166 5.5 MEDIUM
Local 		pgp personal_privacy Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently saves a decrypted copy of a message to hard disk when "Automatically decrypt/verify when opening messages" option is checked, "Alw… CWE-312
 Cleartext Storage of Sensitive Information 		CVE-2002-1696 2024-02-14 01:20 2002-12-31 Show GitHub Exploit DB Packet Storm
315167 - cgiscript cssearch_professional csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file th… CWE-94
Code Injection 		CVE-2002-0495 2024-02-14 01:20 2002-08-12 Show GitHub Exploit DB Packet Storm
315168 9.8 CRITICAL
Network 		xitami xitami Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges. CWE-312
 Cleartext Storage of Sensitive Information 		CVE-2001-1481 2024-02-14 01:20 2001-12-31 Show GitHub Exploit DB Packet Storm
315169 7.5 HIGH
Network 		ipswitch imail IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. CWE-312
 Cleartext Storage of Sensitive Information 		CVE-2005-2160 2024-02-14 01:19 2005-07-6 Show GitHub Exploit DB Packet Storm
315170 - cutephp cutenews Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a temp… CWE-94
Code Injection 		CVE-2005-1876 2024-02-14 01:19 2005-06-9 Show GitHub Exploit DB Packet Storm