Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 23, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
3101 7.8 重要
Local 		MAGIX MAGIX MP3 deluxe MAGIXのMAGIX MP3 deluxeにおける境界外書き込みに関する脆弱性 CWE-787
境界外書き込み 		CVE-2018-25260 2026-05-1 10:39 2026-04-22 Show GitHub Exploit DB Packet Storm
3102 7.8 重要
Local 		Enter Srl Iperius Backup Enter SrlのIperius Backupにおける境界外書き込みに関する脆弱性 CWE-787
境界外書き込み 		CVE-2018-25261 2026-05-1 10:39 2026-04-22 Show GitHub Exploit DB Packet Storm
3103 10 緊急
Network 		マイクロソフト Microsoft Purview eDiscovery Microsoft Purview eDiscovery Elevation of Privilege Vulnerability CWE-918
サーバサイドリクエストフォージェリ 		CVE-2026-26150 2026-05-1 10:39 2026-04-23 Show GitHub Exploit DB Packet Storm
3104 8.8 重要
Network 		Nexxt Solutions Nebula300Plus Firmware Nexxt SolutionsのNebula300Plus Firmwareにおける非公開の機能に関する脆弱性 CWE-912
非公開の機能 		CVE-2026-31847 2026-05-1 10:38 2026-03-23 Show GitHub Exploit DB Packet Storm
3105 9.8 緊急
Network 		Nexxt Solutions Nebula300Plus Firmware Nexxt SolutionsのNebula300Plus Firmwareにおける重要な情報の平文保存に関する脆弱性 CWE-312
重要な情報の平文保存 		CVE-2026-31848 2026-05-1 10:38 2026-03-23 Show GitHub Exploit DB Packet Storm
3106 6.5 警告
Network 		Nexxt Solutions Nebula300Plus Firmware Nexxt SolutionsのNebula300Plus Firmwareにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2026-31849 2026-05-1 10:38 2026-03-23 Show GitHub Exploit DB Packet Storm
3107 4.9 警告
Network 		Nexxt Solutions Nebula300Plus Firmware Nexxt SolutionsのNebula300Plus Firmwareにおける認証情報の平文保存に関する脆弱性 CWE-256
平文でパスワードを保存 		CVE-2026-31850 2026-05-1 10:38 2026-03-23 Show GitHub Exploit DB Packet Storm
3108 9.8 緊急
Network 		Nexxt Solutions Nebula300Plus Firmware Nexxt SolutionsのNebula300Plus Firmwareにおける過度な認証試行の不適切な制限に関する脆弱性 CWE-307
過度な認証試行の不適切な制限 		CVE-2026-31851 2026-05-1 10:38 2026-03-23 Show GitHub Exploit DB Packet Storm
3109 6.1 警告
Network 		angular Angular CLI angularのAngular CLIにおけるオープンリダイレクトの脆弱性 CWE-601
オープンリダイレクト 		CVE-2026-33397 2026-05-1 10:38 2026-03-26 Show GitHub Exploit DB Packet Storm
3110 9.1 緊急
Network 		Fatedier FRP FatedierのFRPにおける認証に関する脆弱性 CWE-287
CWE-noinfo
CVE-2026-40910 2026-05-1 10:38 2026-04-21 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 23, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
315831 9.8 CRITICAL
Network 		cisco spa_301_firmware
spa_303_firmware
spa_501g_firmware
spa_502g_firmware
spa_504g_firmware
spa_508g_firmware
spa_509g_firmware
spa_512g_firmware
spa_514g_firmware
spa_525g_fir… 		Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote … CWE-120
Classic Buffer Overflow 		CVE-2024-20450 2024-08-24 03:14 2024-08-8 Show GitHub Exploit DB Packet Storm
315832 9.8 CRITICAL
Network 		cisco spa_301_firmware
spa_303_firmware
spa_501g_firmware
spa_502g_firmware
spa_504g_firmware
spa_508g_firmware
spa_509g_firmware
spa_512g_firmware
spa_514g_firmware
spa_525g_fir… 		Multiple vulnerabilities in the web-based management interface of Cisco Small Business SPA300 Series IP Phones and Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote … CWE-120
Classic Buffer Overflow 		CVE-2024-20454 2024-08-24 03:13 2024-08-8 Show GitHub Exploit DB Packet Storm
315833 6.5 MEDIUM
Network 		enphase iq_gateway_firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability through a url parameter in Enphase IQ Gateway (formerly known as Envoy) allows File Manipulation. The endp… CWE-22
Path Traversal 		CVE-2024-21877 2024-08-24 03:06 2024-08-12 Show GitHub Exploit DB Packet Storm
315834 9.1 CRITICAL
Network 		enphase iq_gateway_firmware Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via a URL parameter in Enphase IQ Gateway (formerly known as Envoy) allows an unautheticated attacker to a… CWE-22
Path Traversal 		CVE-2024-21876 2024-08-24 03:05 2024-08-12 Show GitHub Exploit DB Packet Storm
315835 9.8 CRITICAL
Network 		enphase iq_gateway_firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Enphase IQ Gateway (formerly known as Envoy) allows OS Command Injection. This vulnerability is pr… CWE-78
OS Command  		CVE-2024-21878 2024-08-24 02:52 2024-08-12 Show GitHub Exploit DB Packet Storm
315836 8.8 HIGH
Network 		enphase iq_gateway_firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability through an url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Envoy) … CWE-78
OS Command  		CVE-2024-21879 2024-08-24 02:49 2024-08-12 Show GitHub Exploit DB Packet Storm
315837 7.2 HIGH
Network 		enphase iq_gateway_firmware Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability via the url parameter of an authenticated enpoint in Enphase IQ Gateway (formerly known as Enphase) a… CWE-78
OS Command  		CVE-2024-21880 2024-08-24 02:38 2024-08-12 Show GitHub Exploit DB Packet Storm
315838 - - - A Reflected Cross Site Scripting (XSS) vulnerability was found in the "/schedule.php" page of the Kashipara Bus Ticket Reservation System v1.0, which allows remote attackers to execute arbitrary code… - CVE-2024-42763 2024-08-24 02:35 2024-08-23 Show GitHub Exploit DB Packet Storm
315839 9.8 CRITICAL
Network 		squirrelly squirrelly squirrellyjs squirrelly v9.0.0 and fixed in v.9.0.1 was discovered to contain a code injection vulnerability via the component options.varName. CWE-94
Code Injection 		CVE-2024-40453 2024-08-24 02:35 2024-08-22 Show GitHub Exploit DB Packet Storm
315840 6.1 MEDIUM
Network 		okfn ckan CKAN is an open-source data management system for powering data hubs and data portals. The Datatables view plugin did not properly escape record data coming from the DataStore, leading to a potential… CWE-79
Cross-site Scripting 		CVE-2024-41675 2024-08-24 02:07 2024-08-22 Show GitHub Exploit DB Packet Storm