Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 9, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2481	6.5	警告 Network	Chamilo Association	Chamilo LMS	Chamilo AssociationのChamilo LMSにおける複数の脆弱性	CWE-285 CWE-639	CVE-2026-34370	2026-04-24 11:28	2026-04-14	Show	GitHub Exploit DB Packet Storm

2482	8.1	重要 Network	nginxui	nginx ui	Nginx UI TeamのNginx UIにおける WebSocket でのオリジン検証の欠如に関する脆弱性	CWE-1385 WebSocket でのオリジン検証の欠如	CVE-2026-34403	2026-04-24 11:28	2026-04-20	Show	GitHub Exploit DB Packet Storm

2483	3.5	低 Physics	oauth2_proxy project	oauth2_proxy	oauth2_proxy projectのoauth2_proxyにおける複数の脆弱性	CWE-384 CWE-613	CVE-2026-34454	2026-04-24 11:28	2026-04-14	Show	GitHub Exploit DB Packet Storm

2484	7.5	重要 Network	Stig (stigtsp)	Net::CIDR::Lite	Stig (stigtsp)のNet::CIDR::Liteにおける入力の構文的正当性の検証に関する脆弱性	CWE-1286 入力の構文的正当性の不適切な検証	CVE-2026-40198 CVE-2026-40199	2026-04-23 17:52	2026-04-10	Show	GitHub Exploit DB Packet Storm

2485	-	-	（複数のベンダ）	（複数の製品）	CISA ICS Advisory / ICS Medical Advisory（2026年04月21日）	-	-	2026-04-23 17:41	2026-04-22	Show	GitHub Exploit DB Packet Storm

2486	8.8	重要 Network	サイレックス・テクノロジー株式会社	SD-330AC AMC Manager	サイレックス・テクノロジー製SD-330ACおよびAMC Managerにおける複数の脆弱性	CWE-1188 CWE-121 CWE-122 CWE-1395 CWE-226 CWE-266 CWE-306 CWE-321 CWE-327 CWE-79 CWE-93	CVE-2015-5621 CVE-2024-24487 CVE-2026-32955 CVE-2026-32956 CVE-2026-32957 CVE-2026-32958 CVE-2026-32959 CVE-2026-32960 CVE-2026-32961 CVE-2026-32962 CVE-2026-32963 CV…	2026-04-23 17:36	2026-04-20	Show	GitHub Exploit DB Packet Storm

2487	7.5	重要 Network	株式会社GROWI	GROWI	GROWIにおける、正規表現を用いたサービス運用妨害（ReDoS）の脆弱性	CWE-Other その他	CVE-2026-41040	2026-04-23 15:16	2026-04-23	Show	GitHub Exploit DB Packet Storm

2488	8.8	重要 Network	一般社団法人 JPCERT コーディネーションセンター	LogonTracer	LogonTracerにおける複数の脆弱性	CWE-78 CWE-Other	CVE-2026-33277 CVE-2026-33566	2026-04-23 14:12	2026-04-23	Show	GitHub Exploit DB Packet Storm

2489	7.3	重要 Local	i-PRO株式会社	IP簡単設定ソフトウェア	i-PRO製IP簡単設定ソフトウェアにおけるDLL読み込みに関する脆弱性	CWE-Other その他	CVE-2026-34488	2026-04-23 12:21	2026-04-23	Show	GitHub Exploit DB Packet Storm

2490	4.7	警告 Network	彼方株式会社	CMS ALAYA	CMS ALAYAにおけるSQLインジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2026-40529	2026-04-23 12:07	2026-04-23	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 9, 2026, 5:07 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
314881	-	sergey_korostel	php_upload_center	PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[U…	NVD-CWE-Other	CVE-2006-1207	2024-02-14 10:17	2006-03-14	Show	GitHub Exploit DB Packet Storm

314882	-	sergey_korostel	php_upload_center	Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory.	NVD-CWE-Other	CVE-2006-1208	2024-02-14 10:17	2006-03-14	Show	GitHub Exploit DB Packet Storm

314883	-	bugada_andrea	php_advanced_transfer_manager	PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download…	NVD-CWE-Other	CVE-2006-1209	2024-02-14 10:17	2006-03-14	Show	GitHub Exploit DB Packet Storm

314884	-	nmdeluxe	nmdeluxe	Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the nick parameter.	NVD-CWE-Other	CVE-2006-1107	2024-02-14 10:17	2006-03-9	Show	GitHub Exploit DB Packet Storm

314885	-	nmdeluxe	nmdeluxe	SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.	NVD-CWE-Other	CVE-2006-1108	2024-02-14 10:17	2006-03-9	Show	GitHub Exploit DB Packet Storm

314886	-	game-panel	game-panel	Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter, possibly requiring a UR…	NVD-CWE-Other	CVE-2006-1080	2024-02-14 10:17	2006-03-9	Show	GitHub Exploit DB Packet Storm

314887	-	simplog	simplog	Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog post.	NVD-CWE-Other	CVE-2006-1072	2024-02-14 10:17	2006-03-8	Show	GitHub Exploit DB Packet Storm

314888	-	simplog	simplog	Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid parameters.	NVD-CWE-Other	CVE-2006-1073	2024-02-14 10:17	2006-03-8	Show	GitHub Exploit DB Packet Storm

314889	-	intensive_point	iuser_ecommerce	Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerce before 2.2 have unspecified vectors and impact, as addressed by "Urgent secure fixes". NOTE: this might be a duplicate of CVE-…	NVD-CWE-noinfo	CVE-2006-0874	2024-02-14 10:17	2006-02-24	Show	GitHub Exploit DB Packet Storm

314890	-	bluecoat	sgos	Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce CONNECT rules when using Deep Content Inspection, which allows remote attackers to bypass connection filters.	NVD-CWE-Other	CVE-2006-0578	2024-02-14 10:17	2006-02-8	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed