Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 17, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2771 7.6 重要
Network 		HKUDS OpenHarness HKUDSのOpenHarnessにおける認証に関する脆弱性 CWE-287
不適切な認証 		CVE-2026-6729 2026-04-27 11:29 2026-04-20 Show GitHub Exploit DB Packet Storm
2772 9.8 緊急
Network 		Topsec Technologies Group Inc. Tianxin Internet Behavior Management System Topsec Technologies Group Inc.のTianxin Internet Behavior Management SystemにおけるOS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2021-4473 2026-04-27 11:29 2026-04-7 Show GitHub Exploit DB Packet Storm
2773 7.2 重要
Network 		Dolibarr ERP & CRM dolibarr erp/crm Dolibarr ERP & CRMのdolibarr erp/crmにおける複数の脆弱性 CWE-94
CWE-95
CVE-2026-22666 2026-04-27 11:29 2026-04-7 Show GitHub Exploit DB Packet Storm
2774 9.8 緊急
Network 		Weaver Software Weaver e cology Weaver SoftwareのWeaver e cologyにおける重要な機能に対する認証の欠如に関する脆弱性 CWE-306
重要な機能に対する認証の欠如 解説 		CVE-2026-22679 2026-04-27 11:29 2026-04-7 Show GitHub Exploit DB Packet Storm
2775 8.8 重要
Local 		PackageKit Project PackageKit PackageKit ProjectのPackageKitにおけるTime-of-check Time-of-use (TOCTOU) 競合状態の脆弱性 CWE-367
Time-of-check Time-of-use (TOCTOU) 競合状態 		CVE-2026-41651 2026-04-27 11:29 2026-04-22 Show GitHub Exploit DB Packet Storm
2776 4.4 警告
Local 		libjxl project libjxl libjxl projectのlibjxlにおける初期化されていないリソースの使用に関する脆弱性 CWE-908
初期化されていないリソースの使用 		CVE-2025-12474 2026-04-27 11:28 2026-02-11 Show GitHub Exploit DB Packet Storm
2777 7.5 重要
Network 		FirebirdSQL Firebird FirebirdSQLのFirebirdにおける情報漏えいに関する脆弱性 CWE-200
CWE-noinfo
CVE-2025-65104 2026-04-27 11:28 2026-04-17 Show GitHub Exploit DB Packet Storm
2778 6.7 警告
Local 		マイクロソフト Microsoft Windows 10 1607
Microsoft Windows Server 2016
Microsoft Windows 10 1809
Microsoft Windows 10 22h2
Microsoft Wind… 		UEFI セキュア ブートのセキュリティ機能バイパスの脆弱性 CWE-807
セキュリティ決定の信頼できない入力への依存 		CVE-2026-0390 2026-04-27 11:28 2026-04-14 Show GitHub Exploit DB Packet Storm
2779 4.3 警告
Network 		wolfssh wolfssh wolfsshにおける複数の脆弱性 CWE-125
CWE-126
CVE-2026-0930 2026-04-27 11:28 2026-04-20 Show GitHub Exploit DB Packet Storm
2780 5.5 警告
Local 		マイクロソフト Microsoft Windows Server 2019
Microsoft Windows 11 23h2
Microsoft Windows 11 26h1
Microsoft Windows 10 1809
Microsoft Wind… 		Windows COM サーバーの情報漏えいの脆弱性 CWE-843
型の取り違え 		CVE-2026-20806 2026-04-27 11:28 2026-04-14 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 17, 2026, 4:15 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
314231 7.5 HIGH
Network 		netskope netskope Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, … CWE-287
Improper Authentication 		CVE-2024-7401 2024-09-6 03:34 2024-08-27 Show GitHub Exploit DB Packet Storm
314232 9.8 CRITICAL
Network 		ruoyi ruoyi RuoYi CMS v4.7.9 was discovered to contain a SQL injection vulnerability via the job_id parameter at /sasfs1. CWE-89
SQL Injection 		CVE-2024-42913 2024-09-6 03:31 2024-08-27 Show GitHub Exploit DB Packet Storm
314233 9.8 CRITICAL
Network 		skyss arfa-cms A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows remote attackers to execute arbitrary SQL commands via the psid parameter. CWE-89
SQL Injection 		CVE-2024-45265 2024-09-6 03:30 2024-08-27 Show GitHub Exploit DB Packet Storm
314234 5.5 MEDIUM
Local 		linux linux_kernel In the Linux kernel, the following vulnerability has been resolved: bpf: add missing check_func_arg_reg_off() to prevent out-of-bounds memory accesses Currently, it's possible to pass in a modified… CWE-787
 Out-of-bounds Write 		CVE-2024-43910 2024-09-6 03:30 2024-08-26 Show GitHub Exploit DB Packet Storm
314235 6.1 MEDIUM
Network 		testlink testlink TestLink before v.1.9.20 is vulnerable to Cross Site Scripting (XSS) via the pop-up on upload file. When uploading a file, the XSS payload can be entered into the file name. CWE-79
Cross-site Scripting 		CVE-2024-42906 2024-09-6 03:29 2024-08-27 Show GitHub Exploit DB Packet Storm
314236 7.5 HIGH
Network 		gl-inet mt6000_firmware
x3000_firmware
xe3000_firmware
a1300_firmware
ax1800_firmware
axt1800_firmware
mt2500_firmware
mt3000_firmware
xe300_firmware
x750_firmware
sft1200_firmw… 		A denial-of-service issue was discovered on certain GL-iNet devices. Some websites can detect devices exposed to the external network through DDNS, and consequently obtain the IP addresses and ports … NVD-CWE-noinfo
CVE-2024-28077 2024-09-6 03:29 2024-08-27 Show GitHub Exploit DB Packet Storm
314237 6.1 MEDIUM
Network 		xiebruce picuploader A cross-site scripting (XSS) vulnerability in the component /master/auth/OnedriveRedirect.php of PicUploader commit fcf82ea allows attackers to execute arbitrary web scripts or HTML via a crafted pay… CWE-79
Cross-site Scripting 		CVE-2024-44794 2024-09-6 03:28 2024-08-27 Show GitHub Exploit DB Packet Storm
314238 6.1 MEDIUM
Network 		gazelle_project gazelle A cross-site scripting (XSS) vulnerability in the component /managers/multiple_freeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload … CWE-79
Cross-site Scripting 		CVE-2024-44793 2024-09-6 03:28 2024-08-27 Show GitHub Exploit DB Packet Storm
314239 6.1 MEDIUM
Network 		gazelle_project gazelle A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into… CWE-79
Cross-site Scripting 		CVE-2024-44795 2024-09-6 03:26 2024-08-27 Show GitHub Exploit DB Packet Storm
314240 5.5 MEDIUM
Local 		linux linux_kernel In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: disallow setting special AP channel widths Setting the AP channel width is meant for use with the normal 20/40/...… NVD-CWE-noinfo
CVE-2024-43912 2024-09-6 03:19 2024-08-26 Show GitHub Exploit DB Packet Storm