Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 20, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2521	9	緊急 Network	Jenkins プロジェクト	GitHub	JenkinsのGitHubにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-42523	2026-05-7 10:51	2026-04-29	Show	GitHub Exploit DB Packet Storm

2522	8	重要 Network	Jenkins プロジェクト	HTML Publisher Plugin	JenkinsのHTML Publisher Pluginにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-42524	2026-05-7 10:51	2026-04-29	Show	GitHub Exploit DB Packet Storm

2523	4.3	警告 Network	Jenkins プロジェクト	Azure AD	JenkinsのAzure ADにおけるオープンリダイレクトの脆弱性	CWE-601 オープンリダイレクト	CVE-2026-42525	2026-05-7 10:51	2026-04-29	Show	GitHub Exploit DB Packet Storm

2524	8.8	重要 Adjacent	TP-LINK Technologies	TL-WR841N ファームウェア	TP-LINK TechnologiesのTL-WR841N ファームウェアにおけるデフォルトの暗号鍵の使用に関する脆弱性	CWE-1394 デフォルトの暗号鍵の使用	CVE-2026-5039	2026-05-7 10:51	2026-04-23	Show	GitHub Exploit DB Packet Storm

2525	7.3	重要 Network	GNU Project	GNU C Library	GNU ProjectのGNU C Libraryにおける境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2026-5435	2026-05-7 10:51	2026-04-28	Show	GitHub Exploit DB Packet Storm

2526	7.5	重要 Network	Progress Software Corporation	Telerik UI for ASP.NET AJAX	Progress Software CorporationのTelerik UI for ASP.NET AJAXにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2026-6022	2026-05-7 10:51	2026-04-22	Show	GitHub Exploit DB Packet Storm

2527	9.8	緊急 Network	Progress Software Corporation	Telerik UI for ASP.NET AJAX	Progress Software CorporationのTelerik UI for ASP.NET AJAXにおける信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-6023	2026-05-7 10:51	2026-04-22	Show	GitHub Exploit DB Packet Storm

2528	2.7	低 Network	Tanium	Tanium Server	TaniumのTanium Serverにおける認証情報の不十分な保護に関する脆弱性	CWE-522 認証情報の不十分な保護	CVE-2026-6408	2026-05-7 10:51	2026-04-22	Show	GitHub Exploit DB Packet Storm

2529	5.5	警告 Local	Wireshark	Wireshark	WiresharkにおけるNULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2026-6525	2026-05-7 10:51	2026-05-2	Show	GitHub Exploit DB Packet Storm

2530	7.5	重要 Network	TYPO3 Association	TYPO3	TYPO3 AssociationのTYPO3における重要な情報の平文保存に関する脆弱性	CWE-312 重要な情報の平文保存	CVE-2026-6553	2026-05-7 10:51	2026-04-21	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 20, 2026, 4:14 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
317731	-	-	-	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.	-	CVE-2023-45916	2024-01-29 18:15	2024-01-29	Show	GitHub Exploit DB Packet Storm

317732	-	-	-	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER.	-	CVE-2023-6470	2024-01-27 06:15	2024-01-27	Show	GitHub Exploit DB Packet Storm

317733	-	noguska	nola	The document management module in NOLA 1.1.1 and 1.1.2 does not restrict the types of files that are uploaded, which allows remote attackers to upload and execute arbitrary PHP files with extensions …	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2002-1841	2024-01-27 05:01	2002-12-31	Show	GitHub Exploit DB Packet Storm

317734	-	apache	http_server	Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a \| pipe character) provided as arguments to batch (.bat)…	CWE-78 OS Command	CVE-2002-0061	2024-01-27 05:01	2002-03-21	Show	GitHub Exploit DB Packet Storm

317735	-	hypermail_development	hypermail	Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by reque…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2001-0901	2024-01-27 05:01	2001-11-19	Show	GitHub Exploit DB Packet Storm

317736	-	apache ncsa	http_server ncsa_httpd	phf CGI program allows remote command execution through shell metacharacters.	CWE-78 OS Command	CVE-1999-0067	2024-01-27 05:00	1996-03-20	Show	GitHub Exploit DB Packet Storm

317737	-	e107	e107	ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to imag…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2004-2262	2024-01-27 04:10	2004-12-31	Show	GitHub Exploit DB Packet Storm

317738	-	yvesglodt	i-man	I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension.	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2005-1868	2024-01-27 04:07	2005-06-9	Show	GitHub Exploit DB Packet Storm

317739	-	yapig	yapig	upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP co…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2005-1881	2024-01-27 04:07	2005-06-6	Show	GitHub Exploit DB Packet Storm

317740	-	deluxebb	deluxebb	DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupl…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2006-4558	2024-01-27 04:02	2006-09-6	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed