Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 7, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
254131	6.8	警告	IBM	-	IBM Lotus Domino Web Access におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2010-0921	2010-03-16 11:15	2010-03-3	Show	GitHub Exploit DB Packet Storm

254132	4.3	警告	IBM	-	IBM Lotus Domino Web Access におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-0920	2010-03-16 11:14	2010-03-3	Show	GitHub Exploit DB Packet Storm

254133	10	危険	IBM	-	IBM Lotus Domino Web Access の UltraLite 機能における脆弱性	CWE-noinfo 情報不足	CVE-2010-0918	2010-03-16 11:14	2010-03-3	Show	GitHub Exploit DB Packet Storm

254134	4.9	警告	サイバートラスト株式会社レッドハット SystemTap	-	SystemTap の _get_argv および _get_compat_argv 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-189 数値処理の問題	CVE-2010-0411	2010-03-16 11:14	2010-02-8	Show	GitHub Exploit DB Packet Storm

254135	10	危険	サイバートラスト株式会社レッドハット SystemTap	-	SystemTap の stap-server における任意のコマンドを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-4273	2010-03-16 11:14	2010-01-26	Show	GitHub Exploit DB Packet Storm

254136	6.5	警告	サイバートラスト株式会社 Linux レッドハット	-	KVM の x86 エミュレータにおける権限昇格の脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-0298	2010-03-16 11:13	2010-02-9	Show	GitHub Exploit DB Packet Storm

254137	4.4	警告	サイバートラスト株式会社 Fabrice Bellard レッドハット	-	QEMU の usb_host_handle_control 関数におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2010-0297	2010-03-16 11:13	2010-02-9	Show	GitHub Exploit DB Packet Storm

254138	6.8	警告	サン・マイクロシステムズ freedesktop.org	-	Poppler における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2009-3605	2010-03-15 16:40	2009-11-2	Show	GitHub Exploit DB Packet Storm

254139	4.1	警告	Linux レッドハット	-	Linux kernel の smbfs に関する脆弱性	-	CVE-2006-5871	2010-03-15 16:40	2005-10-5	Show	GitHub Exploit DB Packet Storm

254140	7.8	危険	Linux レッドハット	-	Linux kernel の selinux_parse_skb_ipv6 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-189 数値処理の問題	CVE-2005-4886	2010-03-15 16:40	2005-10-5	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 8, 2026, 4:54 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1281	9.8	CRITICAL Network	cpanel	cpanel whm wp_squared	cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel. Update	CWE-306 Missing Authentication for Critical Function	CVE-2026-41940	2026-05-5 03:09	2026-04-30	Show	GitHub Exploit DB Packet Storm

1282	6.5	MEDIUM Network	gnu	glibc	The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing… Update	CWE-126 Buffer Over-read	CVE-2026-6238	2026-05-5 02:57	2026-04-29	Show	GitHub Exploit DB Packet Storm

1283	7.5	HIGH Network	xwiki	cryptpad	CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2. Update	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2025-51846	2026-05-5 01:52	2026-05-1	Show	GitHub Exploit DB Packet Storm

1284	8.8	HIGH Network	progress	moveit_automation	Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before … Update	CWE-20 Improper Input Validation	CVE-2026-5174	2026-05-5 01:47	2026-05-1	Show	GitHub Exploit DB Packet Storm

1285	6.5	MEDIUM Network	-	-	During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability ex… Update	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-5337	2026-05-5 00:23	2026-05-3	Show	GitHub Exploit DB Packet Storm

1286	5.3	MEDIUM Network	-	-	The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information. New	CWE-552 Files or Directories Accessible to External Parties	CVE-2026-5335	2026-05-5 00:23	2026-05-4	Show	GitHub Exploit DB Packet Storm

1287	4.9	MEDIUM Network	-	-	Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server … New	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-6948	2026-05-5 00:22	2026-05-4	Show	GitHub Exploit DB Packet Storm

1288	7.5	HIGH Network	-	-	A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and … New	CWE-130 Improper Handling of Length Parameter Inconsistency	CVE-2026-33846	2026-05-5 00:22	2026-05-4	Show	GitHub Exploit DB Packet Storm

1289	8.8	HIGH Local	-	-	A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may res… New	CWE-1386 Insecure Operation on Windows Junction / Mount Point	CVE-2025-58074	2026-05-5 00:22	2026-05-4	Show	GitHub Exploit DB Packet Storm

1290	8.3	HIGH Network	-	-	A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on emai… New	CWE-305 Authentication Bypass by Primary Weakness	CVE-2026-6266	2026-05-5 00:22	2026-05-4	Show	GitHub Exploit DB Packet Storm