Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 16, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2701 2.9
Local 		オラクル Oracle GraalVM for JDK
Oracle GraalVM
JRE
JDK 		オラクルのOracle GraalVM等の複数製品における情報漏えいに関する脆弱性 CWE-200
情報漏えい 		CVE-2026-22007 2026-04-28 10:13 2026-04-21 Show GitHub Exploit DB Packet Storm
2702 5.3 警告
Network 		オラクル Oracle GraalVM for JDK
Oracle GraalVM
JRE
JDK 		オラクルのOracle GraalVM等の複数製品における保護メカニズムの不具合に関する脆弱性 CWE-693
保護メカニズムの不具合 		CVE-2026-22013 2026-04-28 10:13 2026-04-21 Show GitHub Exploit DB Packet Storm
2703 7.5 重要
Network 		オラクル Oracle GraalVM for JDK
Oracle GraalVM
JRE
JDK 		オラクルのOracle GraalVM等の複数製品における複数の脆弱性 CWE-200
CWE-502
CVE-2026-22016 2026-04-28 10:13 2026-04-21 Show GitHub Exploit DB Packet Storm
2704 3.7
Network 		オラクル Oracle GraalVM for JDK
Oracle GraalVM
JRE
JDK 		オラクルのOracle GraalVM等の複数製品における制限またはスロットリング無しのリソースの割り当てに関する脆弱性 CWE-770
制限またはスロットリング無しのリソースの割り当て 		CVE-2026-22018 2026-04-28 10:13 2026-04-21 Show GitHub Exploit DB Packet Storm
2705 5.3 警告
Network 		オラクル Oracle GraalVM for JDK
Oracle GraalVM
JRE
JDK 		オラクルのOracle GraalVM等の複数製品におけるリソースの枯渇に関する脆弱性 CWE-400
リソースの枯渇 		CVE-2026-22021 2026-04-28 10:13 2026-04-21 Show GitHub Exploit DB Packet Storm
2706 8.1 重要
Network 		Apache Software Foundation Apache DolphinScheduler Apache Software FoundationのApache DolphinSchedulerにおける不正な認証に関する脆弱性 CWE-863
不正な認証 		CVE-2026-23902 2026-04-28 10:13 2026-04-24 Show GitHub Exploit DB Packet Storm
2707 7.7 重要
Network 		neutrinolabs xrdp neutrinolabsのxrdpにおけるデータの整合性検証不備に関する脆弱性 CWE-354
データの整合性検証不備 		CVE-2026-32105 2026-04-28 10:13 2026-04-17 Show GitHub Exploit DB Packet Storm
2708 8.8 重要
Local 		neutrinolabs xrdp neutrinolabsのxrdpにおける削除された特権に対する不適切なチェックに関する脆弱性 CWE-273
削除された特権に対する不適切なチェック 		CVE-2026-32107 2026-04-28 10:13 2026-04-17 Show GitHub Exploit DB Packet Storm
2709 8.1 重要
Network 		neutrinolabs xrdp neutrinolabsのxrdpにおけるヒープベースのバッファオーバーフローの脆弱性 CWE-122
ヒープオーバーフロー 		CVE-2026-32623 2026-04-28 10:13 2026-04-17 Show GitHub Exploit DB Packet Storm
2710 6.5 警告
Network 		neutrinolabs xrdp neutrinolabsのxrdpにおけるヒープベースのバッファオーバーフローの脆弱性 CWE-122
ヒープオーバーフロー 		CVE-2026-32624 2026-04-28 10:13 2026-04-17 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 16, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
314241 7.8 HIGH
Local 		aertherwide exiftags Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function. CWE-787
 Out-of-bounds Write 		CVE-2024-42851 2024-08-31 00:30 2024-08-28 Show GitHub Exploit DB Packet Storm
314242 7.5 HIGH
Network 		kitsada8621 digital_library_management_system A vulnerability was found in kitsada8621 Digital Library Management System 1.0. It has been classified as problematic. Affected is the function JwtRefreshAuth of the file middleware/jwt_refresh_token… CWE-116
 Improper Encoding or Escaping of Output 		CVE-2024-8297 2024-08-31 00:28 2024-08-29 Show GitHub Exploit DB Packet Storm
314243 9.8 CRITICAL
Network 		gitapp dingfanzu A vulnerability was found in dingfanzu CMS up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /aj… CWE-89
SQL Injection 		CVE-2024-8301 2024-08-31 00:24 2024-08-29 Show GitHub Exploit DB Packet Storm
314244 4.8 MEDIUM
Adjacent 		teldat rs123_firmware
rs123w_firmware 		Cross Site Scripting vulnerability in Teldats Router RS123, RS123w allows attacker to execute arbitrary code via the cmdcookie parameter to the upgrade/query.php page. CWE-79
Cross-site Scripting 		CVE-2022-39996 2024-08-31 00:17 2024-08-28 Show GitHub Exploit DB Packet Storm
314245 4.3 MEDIUM
Network 		smashballoon reviews_feed The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and i… CWE-352
 Origin Validation Error 		CVE-2024-8200 2024-08-31 00:08 2024-08-28 Show GitHub Exploit DB Packet Storm
314246 4.3 MEDIUM
Network 		smashballoon reviews_feed The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capa… CWE-862
 Missing Authorization 		CVE-2024-8199 2024-08-31 00:04 2024-08-28 Show GitHub Exploit DB Packet Storm
314247 8.8 HIGH
Network 		skyss arfa-cms A cross-site request forgery (CSRF) vulnerability in the admin panel in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to add a new administrator, leading to escalation of privileges. CWE-352
 Origin Validation Error 		CVE-2024-45264 2024-08-31 00:02 2024-08-28 Show GitHub Exploit DB Packet Storm
314248 9.8 CRITICAL
Network 		dlink dir-846w_firmware D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request. CWE-78
OS Command  		CVE-2024-44342 2024-08-30 23:57 2024-08-28 Show GitHub Exploit DB Packet Storm
314249 9.8 CRITICAL
Network 		dlink dir-846w_firmware D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST requ… CWE-78
OS Command  		CVE-2024-44341 2024-08-30 23:57 2024-08-28 Show GitHub Exploit DB Packet Storm
314250 8.8 HIGH
Network 		dlink dir-846w_firmware D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings. CWE-78
OS Command  		CVE-2024-44340 2024-08-30 23:56 2024-08-28 Show GitHub Exploit DB Packet Storm