Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 18, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2631 8.8 重要
Network 		マイクロソフト Azure Logic Apps Azure Logic Apps の特権昇格の脆弱性 CWE-522
認証情報の不十分な保護 		CVE-2026-32171 2026-04-30 12:31 2026-04-14 Show GitHub Exploit DB Packet Storm
2632 7.5 重要
Network 		getkirby kirby getkirbyのkirbyにおけるブラインド XPath インジェクションの脆弱性 CWE-91
ブラインド XPath インジェクション 		CVE-2026-32870 2026-04-30 12:31 2026-04-24 Show GitHub Exploit DB Packet Storm
2633 9.8 緊急
Network 		Roxy-WI Roxy-WI Roxy-WIにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2026-33076 2026-04-30 12:31 2026-04-24 Show GitHub Exploit DB Packet Storm
2634 7.5 重要
Network 		Roxy-WI Roxy-WI Roxy-WIにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2026-33077 2026-04-30 12:30 2026-04-24 Show GitHub Exploit DB Packet Storm
2635 9.8 緊急
Network 		Roxy-WI Roxy-WI Roxy-WIにおけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2026-33078 2026-04-30 12:30 2026-04-24 Show GitHub Exploit DB Packet Storm
2636 8.8 重要
Network 		Roxy-WI Roxy-WI Roxy-WIにおけるOS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2026-33208 2026-04-30 12:30 2026-04-24 Show GitHub Exploit DB Packet Storm
2637 7.5 重要
Network 		PowerDNS dnsdist PowerDNSのdnsdistにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性 CWE-770
制限またはスロットリング無しのリソースの割り当て 		CVE-2026-33254 2026-04-30 12:30 2026-04-22 Show GitHub Exploit DB Packet Storm
2638 7.5 重要
Network 		PowerDNS PowerDNS Recursor PowerDNSのPowerDNS Recursorにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性 CWE-770
制限またはスロットリング無しのリソースの割り当て 		CVE-2026-33256 2026-04-30 12:30 2026-04-22 Show GitHub Exploit DB Packet Storm
2639 7.5 重要
Network 		PowerDNS PowerDNS Recursor PowerDNSのPowerDNS Recursorにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性 CWE-770
制限またはスロットリング無しのリソースの割り当て 		CVE-2026-33258 2026-04-30 12:30 2026-04-22 Show GitHub Exploit DB Packet Storm
2640 5 警告
Network 		PowerDNS PowerDNS Recursor PowerDNSのPowerDNS Recursorにおける解放済みメモリの使用に関する脆弱性 CWE-416
解放済みメモリの使用 		CVE-2026-33259 2026-04-30 12:30 2026-04-22 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 19, 2026, 4:16 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
313891 4.9 MEDIUM
Network 		continew admin A vulnerability classified as critical was found in ContiNew Admin 3.2.0. Affected by this vulnerability is the function top.continew.starter.extension.crud.controller.BaseController#tree of the file… CWE-89
SQL Injection 		CVE-2024-8155 2024-09-12 22:53 2024-08-26 Show GitHub Exploit DB Packet Storm
313892 5.4 MEDIUM
Network 		sap commerce_backoffice SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the applicati… CWE-79
Cross-site Scripting 		CVE-2024-41735 2024-09-12 22:53 2024-08-13 Show GitHub Exploit DB Packet Storm
313893 4.3 MEDIUM
Network 		sap permit_to_work Under certain conditions SAP Permit to Work allows an authenticated attacker to access information which would otherwise be restricted causing low impact on the confidentiality of the application. NVD-CWE-noinfo
CVE-2024-41736 2024-09-12 22:51 2024-08-13 Show GitHub Exploit DB Packet Storm
313894 5.0 MEDIUM
Network 		sap crm_abap_insights_management SAP CRM ABAP (Insights Management) allows an authenticated attacker to enumerate HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2024-41737 2024-09-12 22:49 2024-08-13 Show GitHub Exploit DB Packet Storm
313895 4.3 MEDIUM
Network 		sap business_objects_business_intelligence_platform SAP BusinessObjects Business Intelligence Platform allows an authenticated attacker to upload malicious code over the network, that could be executed by the application. On successful exploitatio… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2024-42375 2024-09-12 22:46 2024-08-13 Show GitHub Exploit DB Packet Storm
313896 5.5 MEDIUM
Local 		linux linux_kernel In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue. CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2022-48905 2024-09-12 22:44 2024-08-22 Show GitHub Exploit DB Packet Storm
313897 6.5 MEDIUM
Network 		sap shared_service_framework SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high … CWE-862
 Missing Authorization 		CVE-2024-42376 2024-09-12 22:43 2024-08-13 Show GitHub Exploit DB Packet Storm
313898 4.3 MEDIUM
Network 		sap shared_service_framework SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low i… CWE-862
 Missing Authorization 		CVE-2024-42377 2024-09-12 22:42 2024-08-13 Show GitHub Exploit DB Packet Storm
313899 5.5 MEDIUM
Local 		linux linux_kernel In the Linux kernel, the following vulnerability has been resolved: mptcp: Correctly set DATA_FIN timeout when number of retransmits is large Syzkaller with UBSAN uncovered a scenario where a large… NVD-CWE-noinfo
CVE-2022-48906 2024-09-12 22:41 2024-08-22 Show GitHub Exploit DB Packet Storm
313900 5.5 MEDIUM
Local 		linux linux_kernel In the Linux kernel, the following vulnerability has been resolved: net: arcnet: com20020: Fix null-ptr-deref in com20020pci_probe() During driver initialization, the pointer of card info, i.e. the… CWE-476
 NULL Pointer Dereference 		CVE-2022-48908 2024-09-12 22:37 2024-08-22 Show GitHub Exploit DB Packet Storm