Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 10, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2711	7.8	重要 Local	マイクロソフト	Kiota	マイクロソフトのKiotaにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2026-41134	2026-05-18 12:05	2026-04-22	Show	GitHub Exploit DB Packet Storm

2712	8.2	重要 Network	Kata Containers	Confidential Containers Kata Containers	Kata ContainersのConfidential Containers等の複数製品におけるUNIX Symbolic Link のフォローに関する脆弱性	CWE-61 UNIX Symbolic Link のフォロー	CVE-2026-41326	2026-05-18 12:05	2026-04-24	Show	GitHub Exploit DB Packet Storm

2713	8.4	重要 Local	opentelemetry	OpenTelemetry eBPF Instrumentation	opentelemetryのOpenTelemetry eBPF Instrumentationにおける複数の脆弱性	CWE-22 CWE-59	CVE-2026-41433	2026-05-18 12:05	2026-04-24	Show	GitHub Exploit DB Packet Storm

2714	5.3	警告 Network	RedwoodSDK	RedwoodSDK	RedwoodjsのRedwoodSDKにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2026-42190	2026-05-18 12:05	2026-05-8	Show	GitHub Exploit DB Packet Storm

2715	7.2	重要 Network	FileMaker, Inc	Claris FileMaker Cloud	Claris International Inc. (旧 FileMaker, Inc)のClaris FileMaker Cloudにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2026-43680	2026-05-18 12:05	2026-05-12	Show	GitHub Exploit DB Packet Storm

2716	7.2	重要 Network	FileMaker, Inc	Claris FileMaker Cloud	Claris International Inc. (旧 FileMaker, Inc)のClaris FileMaker CloudにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2026-43685	2026-05-18 12:05	2026-05-12	Show	GitHub Exploit DB Packet Storm

2717	6.5	警告 Network	Shellhub	Shellhub	Shellhubにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-44426	2026-05-18 12:05	2026-05-13	Show	GitHub Exploit DB Packet Storm

2718	9.8	緊急 Network	Yarbo	Lawn Mower Pro Firmware Lawn Mower Firmware	YarboのLawn Mower Firmware等の複数製品における非公開の機能に関する脆弱性	CWE-912 CWE-noinfo	CVE-2026-7413	2026-05-18 12:05	2026-05-7	Show	GitHub Exploit DB Packet Storm

2719	9.8	緊急 Network	Yarbo	Lawn Mower Pro Firmware Lawn Mower Firmware	YarboのLawn Mower Firmware等の複数製品におけるハードコードされた認証情報の使用に関する脆弱性	CWE-798 ハードコードされた認証情報の使用	CVE-2026-7414	2026-05-18 12:05	2026-05-7	Show	GitHub Exploit DB Packet Storm

2720	9.8	緊急 Network	Yarbo	Lawn Mower Pro Firmware Lawn Mower Firmware	YarboのLawn Mower Firmware等の複数製品における重要な機能に対する認証の欠如に関する脆弱性	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-7415	2026-05-18 12:05	2026-05-7	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 10, 2026, 5 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
317431	-		-	-	Portainer before 2.20.2 improperly uses an encryption algorithm in the AesEncrypt function.	-	CVE-2024-33662	2024-10-4 22:50	2024-10-2	Show	GitHub Exploit DB Packet Storm

317432	-		-	-	Versions of the package cocoon before 0.4.0 are vulnerable to Reusing a Nonce, Key Pair in Encryption when the encrypt, wrap, and dump functions are sequentially called. An attacker can generate the …	-	CVE-2024-21530	2024-10-4 22:50	2024-10-2	Show	GitHub Exploit DB Packet Storm

317433	-		-	-	LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Self Cross-Site Scripting (Self-XSS) vulnerability in the "Alert Templates" feature allows users to inject arbitrary Java…	CWE-79 Cross-site Scripting	CVE-2024-47526	2024-10-4 22:50	2024-10-2	Show	GitHub Exploit DB Packet Storm

317434	-		-	-	LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can create a Device Groups, the application did not properly sanitize the user input in the Device Gro…	-	CVE-2024-47524	2024-10-4 22:50	2024-10-2	Show	GitHub Exploit DB Packet Storm

317435	-		-	-	Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nm_unzip function.	-	CVE-2024-46084	2024-10-4 22:50	2024-10-2	Show	GitHub Exploit DB Packet Storm

317436	-		-	-	Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nm_cor.php via the form and field parameters.	-	CVE-2024-46082	2024-10-4 22:50	2024-10-2	Show	GitHub Exploit DB Packet Storm

317437	4.8	MEDIUM Network	funnyzpc	mee-admin	A vulnerability, which was classified as problematic, was found in funnyzpc Mee-Admin up to 1.6. This affects an unknown part of the file /mee/index of the component User Center. The manipulation of …	CWE-79 Cross-site Scripting	CVE-2024-9279	2024-10-4 22:31	2024-09-27	Show	GitHub Exploit DB Packet Storm

317438	4.8	MEDIUM Network	mage-people	ecab_taxi_booking_manager	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MagePeople Team Taxi Booking Manager for WooCommerce allows Stored XSS.This issue affects …	CWE-79 Cross-site Scripting	CVE-2024-43986	2024-10-4 22:22	2024-08-29	Show	GitHub Exploit DB Packet Storm

317439	5.3	MEDIUM Network	funnelforms	funnelforms_free	The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check o…	CWE-862 Missing Authorization	CVE-2024-5857	2024-10-4 21:59	2024-08-29	Show	GitHub Exploit DB Packet Storm

317440	4.3	MEDIUM Network	volkov	wp_accessibility_helper	The WP Accessibility Helper (WAH) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_contrast_variations' and 'save_empty_contrast_…	CWE-862 Missing Authorization	CVE-2024-5987	2024-10-4 21:56	2024-08-29	Show	GitHub Exploit DB Packet Storm