Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 16, 2026, 2 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2811	8.8	重要 Network	Lawnchair	Lawnchair	Lawnchairにおけるコマンドインジェクションの脆弱性	CWE-77 コマンドインジェクション	CVE-2026-39866	2026-04-27 11:27	2026-04-21	Show	GitHub Exploit DB Packet Storm

2812	6.1	警告 Network	NetFoundry	zrok	NetFoundryのzrokにおける複数の脆弱性	CWE-116 CWE-79	CVE-2026-40302	2026-04-27 11:27	2026-04-17	Show	GitHub Exploit DB Packet Storm

2813	7.5	重要 Network	NetFoundry	zrok	NetFoundryのzrokにおける複数の脆弱性	CWE-400 CWE-789	CVE-2026-40303	2026-04-27 11:27	2026-04-17	Show	GitHub Exploit DB Packet Storm

2814	5.3	警告 Network	NetFoundry	zrok	NetFoundryのzrokにおける複数の脆弱性	CWE-284 CWE-863	CVE-2026-40304	2026-04-27 11:27	2026-04-17	Show	GitHub Exploit DB Packet Storm

2815	8.8	重要 Network	HKUDS	OpenHarness	HKUDSのOpenHarnessにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2026-40502	2026-04-27 11:27	2026-04-16	Show	GitHub Exploit DB Packet Storm

2816	6.5	警告 Network	HKUDS	OpenHarness	HKUDSのOpenHarnessにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-40503	2026-04-27 11:27	2026-04-16	Show	GitHub Exploit DB Packet Storm

2817	8.8	重要 Network	FreePBX	API Module	FreePBXのAPI ModuleにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2026-40520	2026-04-27 11:26	2026-04-21	Show	GitHub Exploit DB Packet Storm

2818	6.1	警告 Network	Yusuke Inuzuka (yuin)	goldmark	Yusuke Inuzuka (yuin)のgoldmarkにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-5160	2026-04-27 11:26	2026-04-15	Show	GitHub Exploit DB Packet Storm

2819	6.5	警告 Network	GitLab.org	GitLab	GitLab.orgのGitLabにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2025-0186	2026-04-27 11:26	2026-04-22	Show	GitHub Exploit DB Packet Storm

2820	6.5	警告 Network	GitLab.org	GitLab	GitLab.orgのGitLabにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2025-3922	2026-04-27 11:26	2026-04-22	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 16, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
316411	7.5	HIGH Network	dlink	dwl-900ap\+_firmware	D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the admi…	CWE-306 Missing Authentication for Critical Function	CVE-2002-1810	2024-02-15 02:25	2002-12-31	Show	GitHub Exploit DB Packet Storm

316412	-		andynorman	gnuserv	gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a bu…	CWE-120 Classic Buffer Overflow	CVE-2001-0191	2024-02-15 02:25	2001-05-3	Show	GitHub Exploit DB Packet Storm

316413	-		awstats canonical debian	awstats ubuntu_linux debian_linux	Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $u…	CWE-94 Code Injection	CVE-2005-1527	2024-02-15 01:58	2005-08-15	Show	GitHub Exploit DB Packet Storm

316414	7.5	HIGH Network	netsourcecommerce	productcart	EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.	CWE-326 Inadequate Encryption Strength	CVE-2004-2172	2024-02-15 01:58	2004-12-31	Show	GitHub Exploit DB Packet Storm

316415	-		cgiscript	csguestbook	csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.	CWE-94 Code Injection	CVE-2002-1750	2024-02-15 01:57	2002-12-31	Show	GitHub Exploit DB Packet Storm

316416	-		cgiscript	cschat-r-box	csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.	CWE-94 Code Injection	CVE-2002-1752	2024-02-15 01:57	2002-12-31	Show	GitHub Exploit DB Packet Storm

316417	-		cgiscript	csnews_professional	csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows remote attackers to execute arbitrary Perl code via the setup parameter, which is processed by the Perl eval function.	CWE-94 Code Injection	CVE-2002-1753	2024-02-15 01:56	2002-12-31	Show	GitHub Exploit DB Packet Storm

316418	5.5	MEDIUM Local	daansystems	newsreactor	NewsReactor 1.0 uses a weak encryption scheme, which could allow local users to decrypt the passwords and gain access to other users' newsgroup accounts.	CWE-326 Inadequate Encryption Strength	CVE-2002-1682	2024-02-15 01:55	2002-12-31	Show	GitHub Exploit DB Packet Storm

316419	7.8	HIGH Local	mckesson	pathways_homecare	Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.	CWE-326 Inadequate Encryption Strength	CVE-2001-1546	2024-02-15 01:55	2001-12-31	Show	GitHub Exploit DB Packet Storm

316420	9.8	CRITICAL Network	arkeia	arkeia	Knox Arkeia server 4.2, and possibly other versions, uses a constant salt when encrypting passwords using the crypt() function, which makes it easier for an attacker to conduct brute force password g…	CWE-916 Use of Password Hash With Insufficient Computational Effort	CVE-2001-0967	2024-02-15 01:55	2001-08-31	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed