Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 18, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3101	3.3	低 Local	Continue	Continue	Continueにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-8770	2026-05-21 10:54	2026-05-18	Show	GitHub Exploit DB Packet Storm

3102	4.8	警告 Network	Nozomi Networks Inc.	cmc Guardian	Nozomi Networks Inc.のCMC等の複数製品におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-40901	2026-05-21 10:54	2026-05-19	Show	GitHub Exploit DB Packet Storm

3103	4.8	警告 Network	Nozomi Networks Inc.	cmc Guardian	Nozomi Networks Inc.のCMC等の複数製品におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-40902	2026-05-21 10:54	2026-05-19	Show	GitHub Exploit DB Packet Storm

3104	4.8	警告 Network	Nozomi Networks Inc.	cmc Guardian	Nozomi Networks Inc.のCMC等の複数製品におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-40903	2026-05-21 10:54	2026-05-19	Show	GitHub Exploit DB Packet Storm

3105	5.4	警告 Network	Nozomi Networks Inc.	cmc Guardian	Nozomi Networks Inc.のCMC等の複数製品におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-40904	2026-05-21 10:54	2026-05-19	Show	GitHub Exploit DB Packet Storm

3106	7.3	重要 Local	アクシスコミュニケーションズ	AXIS OS	アクシスコミュニケーションズのAXIS OSにおける重要なリソースに対する不適切なパーミッションの割り当てに関する脆弱性	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2026-0541	2026-05-21 10:54	2026-05-12	Show	GitHub Exploit DB Packet Storm

3107	7.3	重要 Local	アクシスコミュニケーションズ	AXIS OS	アクシスコミュニケーションズのAXIS OSにおける指定されたタイプの入力に対する不適切な検証に関する脆弱性	CWE-1287 指定されたタイプの入力に対する不適切な検証	CVE-2026-0802	2026-05-21 10:54	2026-05-12	Show	GitHub Exploit DB Packet Storm

3108	7.3	重要 Local	アクシスコミュニケーションズ	AXIS OS	アクシスコミュニケーションズのAXIS OSにおけるパストラバーサルの脆弱性	CWE-35 パストラバーサル	CVE-2026-0804	2026-05-21 10:54	2026-05-12	Show	GitHub Exploit DB Packet Storm

3109	8.8	重要 Network	アクシスコミュニケーションズ	AXIS OS	アクシスコミュニケーションズのAXIS OSにおける重要なリソースに対する不適切なパーミッションの割り当てに関する脆弱性	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2026-1185	2026-05-21 10:54	2026-05-12	Show	GitHub Exploit DB Packet Storm

3110	6.5	警告 Local	Xen プロジェクト	Xen	Xen プロジェクトのXenにおける到達可能なアサーションに関する脆弱性	CWE-617 到達可能なアサーション	CVE-2026-23557	2026-05-21 10:54	2026-05-19	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 18, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
319151	5.3	MEDIUM Network	coffee2code	remember_me_controls	The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin allowing direct access to the bootstrap.php …	CWE-209 Information Exposure Through an Error Message	CVE-2024-7415	2024-10-1 02:46	2024-09-6	Show	GitHub Exploit DB Packet Storm

319152	8.2	HIGH Network	scriptcase	scriptcase	Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others. This vulnera…	CWE-79 Cross-site Scripting	CVE-2024-8942	2024-10-1 02:39	2024-09-25	Show	GitHub Exploit DB Packet Storm

319153	7.5	HIGH Network	linuxptp_project	linuxptp	An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function	NVD-CWE-noinfo	CVE-2024-42861	2024-10-1 02:35	2024-09-24	Show	GitHub Exploit DB Packet Storm

319154	6.1	MEDIUM Network	flowiseai	embed flowise	Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0.	CWE-79 Cross-site Scripting	CVE-2024-9148	2024-10-1 02:34	2024-09-25	Show	GitHub Exploit DB Packet Storm

319155	5.4	MEDIUM Network	concretecms	concrete_cms	Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users …	CWE-79 Cross-site Scripting	CVE-2024-7398	2024-10-1 01:12	2024-09-25	Show	GitHub Exploit DB Packet Storm

319156	4.8	MEDIUM Network	concretecms	concrete_cms	Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete C…	CWE-79 Cross-site Scripting	CVE-2024-8291	2024-10-1 00:59	2024-09-25	Show	GitHub Exploit DB Packet Storm

319157	2.7	LOW Network	github	enterprise_server	An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of G…	NVD-CWE-noinfo	CVE-2024-8263	2024-10-1 00:57	2024-09-24	Show	GitHub Exploit DB Packet Storm

319158	7.5	HIGH Network	ibm	aspera_console	IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerabilit…	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2022-43845	2024-10-1 00:53	2024-09-25	Show	GitHub Exploit DB Packet Storm

319159	4.9	MEDIUM Network	zyxel	wx5600-t0_firmware wx3401-b0_firmware wx3100-t0_firmware scr50axe_firmware px3321-t1_firmware pm7300-t0_firmware pm5100-t0_firmware pm3100-t0_firmware ax7501-b1_firmware vm…	An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated at…	NVD-CWE-noinfo	CVE-2024-38268	2024-10-1 00:52	2024-09-24	Show	GitHub Exploit DB Packet Storm

319160	4.9	MEDIUM Network	zyxel	wx5600-t0_firmware wx3401-b0_firmware wx3100-t0_firmware scr50axe_firmware px3321-t1_firmware pm7300-t0_firmware pm5100-t0_firmware pm3100-t0_firmware ax7501-b1_firmware vm…	An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated a…	NVD-CWE-noinfo	CVE-2024-38267	2024-10-1 00:52	2024-09-24	Show	GitHub Exploit DB Packet Storm