Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 10, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
3281 7.5 重要
Network 		VMware Spring AI VMwareのSpring AIにおける不適切なデフォルトパーミッションに関する脆弱性 CWE-276
不適切なデフォルトパーミッション 		CVE-2026-41712 2026-05-14 10:18 2026-05-12 Show GitHub Exploit DB Packet Storm
3282 8.2 重要
Network 		VMware Spring AI VMwareのSpring AIにおけるテンプレートエンジンで使用される特殊な要素の不適切な無効化に関する脆弱性 CWE-1336
テンプレートエンジンで使用される特殊な要素の不適切な無効化 		CVE-2026-41713 2026-05-14 10:18 2026-05-12 Show GitHub Exploit DB Packet Storm
3283 6.5 警告
Network 		LangGenius Dify LangGeniusのDifyにおけるユーザ制御の鍵による認証回避に関する脆弱性 CWE-639
ユーザ制御の鍵による認証回避 		CVE-2026-41950 2026-05-14 10:18 2026-05-5 Show GitHub Exploit DB Packet Storm
3284 9.6 緊急
Network 		Streetwriters Notesnook Mobile
Notesnook Desktop 		StreetwritersのNotesnook Desktop等の複数製品における複数の脆弱性 CWE-79
CWE-94
CVE-2026-42090 2026-05-14 10:18 2026-05-4 Show GitHub Exploit DB Packet Storm
3285 6.5 警告
Network 		goshs goshs goshsにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2026-42091 2026-05-14 10:18 2026-05-4 Show GitHub Exploit DB Packet Storm
3286 4.8 警告
Network 		Weblate wlc Weblateのwlcにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-42150 2026-05-14 10:18 2026-05-8 Show GitHub Exploit DB Packet Storm
3287 5.9 警告
Network 		Teluu Ltd. PJSIP Teluu Ltd.のPJSIPにおける証明書検証に関する脆弱性 CWE-295
不正な証明書検証 		CVE-2026-42225 2026-05-14 10:18 2026-05-7 Show GitHub Exploit DB Packet Storm
3288 4.3 警告
Network 		Onyx Onyx Onyxにおけるユーザ制御の鍵による認証回避に関する脆弱性 CWE-639
ユーザ制御の鍵による認証回避 		CVE-2026-42276 2026-05-14 10:18 2026-05-8 Show GitHub Exploit DB Packet Storm
3289 6.5 警告
Network 		Onyx Onyx Onyxにおけるユーザ制御の鍵による認証回避に関する脆弱性 CWE-639
ユーザ制御の鍵による認証回避 		CVE-2026-42277 2026-05-14 10:18 2026-05-8 Show GitHub Exploit DB Packet Storm
3290 5.5 警告
Local 		Python Software Foundation Python Pillow Python Software FoundationのPython Pillowにおける整数オーバーフローの脆弱性 CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2026-42308 2026-05-14 10:18 2026-05-9 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 10, 2026, 5 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
346091 - cisco pvc2300
wvc200
wvc210
wvc2300
rvs4000 		The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G … CWE-264
Permissions, Privileges, and Access Controls 		CVE-2010-0593 2017-08-17 10:32 2010-04-22 Show GitHub Exploit DB Packet Storm
346092 - cisco mediator_framework Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Med… CWE-255
Credentials Management 		CVE-2010-0595 2017-08-17 10:32 2010-05-28 Show GitHub Exploit DB Packet Storm
346093 - webguerilla com_photoblog Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to in… CWE-89
SQL Injection 		CVE-2010-0610 2017-08-17 10:32 2010-02-12 Show GitHub Exploit DB Packet Storm
346094 - baalsystems baal_systems Multiple SQL injection vulnerabilities in adminlogin.php in Baal Systems 3.8 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. CWE-89
SQL Injection 		CVE-2010-0611 2017-08-17 10:32 2010-02-12 Show GitHub Exploit DB Packet Storm
346095 - myshell evalsmsi Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the return parameter. NOTE: the provenance of this informat… CWE-79
Cross-site Scripting 		CVE-2010-0617 2017-08-17 10:32 2010-02-12 Show GitHub Exploit DB Packet Storm
346096 - evernewscripts free_joke_script SQL injection vulnerability in viewjokes.php in Evernew Free Joke Script 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. CWE-89
SQL Injection 		CVE-2010-0630 2017-08-17 10:32 2010-02-13 Show GitHub Exploit DB Packet Storm
346097 - parkviewconsultants com_simplefaq SQL injection vulnerability in the Parkview Consultants SimpleFAQ (com_simplefaq) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display … CWE-89
SQL Injection 		CVE-2010-0632 2017-08-17 10:32 2010-02-13 Show GitHub Exploit DB Packet Storm
346098 - cisco collaboration_server Cross-site scripting (XSS) vulnerability in webline/html/admin/wcs/LoginPage.jhtml in Cisco Collaboration Server (CCS) 5 allows remote attackers to inject arbitrary web script or HTML via the dest pa… CWE-79
Cross-site Scripting 		CVE-2010-0641 2017-08-17 10:32 2010-02-18 Show GitHub Exploit DB Packet Storm
346099 - cisco collaboration_server Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejh… CWE-200
Information Exposure 		CVE-2010-0642 2017-08-17 10:32 2010-02-18 Show GitHub Exploit DB Packet Storm
346100 - xs4all jag JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request … CWE-264
Permissions, Privileges, and Access Controls 		CVE-2010-0665 2017-08-17 10:32 2010-02-20 Show GitHub Exploit DB Packet Storm