Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 20, 2026, 10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3291	7.5	重要 Network	freedom	SecureDrop-Client	freedomのSecureDrop-Clientにおける複数の脆弱性	CWE-36 CWE-73	CVE-2026-35465	2026-04-27 11:27	2026-04-18	Show	GitHub Exploit DB Packet Storm

3292	8.4	重要 Local	Gitlawb	OpenClaude	GitlawbのOpenClaudeにおける複数の脆弱性	CWE-22 CWE-284	CVE-2026-35570	2026-04-27 11:27	2026-04-21	Show	GitHub Exploit DB Packet Storm

3293	8.8	重要 Network	M1k1o	Neko	M1k1oのNekoにおける複数の脆弱性	CWE-20 CWE-269 CWE-284 CWE-639 CWE-862	CVE-2026-39386	2026-04-27 11:27	2026-04-21	Show	GitHub Exploit DB Packet Storm

3294	8.8	重要 Network	Lawnchair	Lawnchair	Lawnchairにおけるコマンドインジェクションの脆弱性	CWE-77 コマンドインジェクション	CVE-2026-39866	2026-04-27 11:27	2026-04-21	Show	GitHub Exploit DB Packet Storm

3295	6.1	警告 Network	NetFoundry	zrok	NetFoundryのzrokにおける複数の脆弱性	CWE-116 CWE-79	CVE-2026-40302	2026-04-27 11:27	2026-04-17	Show	GitHub Exploit DB Packet Storm

3296	7.5	重要 Network	NetFoundry	zrok	NetFoundryのzrokにおける複数の脆弱性	CWE-400 CWE-789	CVE-2026-40303	2026-04-27 11:27	2026-04-17	Show	GitHub Exploit DB Packet Storm

3297	5.3	警告 Network	NetFoundry	zrok	NetFoundryのzrokにおける複数の脆弱性	CWE-284 CWE-863	CVE-2026-40304	2026-04-27 11:27	2026-04-17	Show	GitHub Exploit DB Packet Storm

3298	8.8	重要 Network	HKUDS	OpenHarness	HKUDSのOpenHarnessにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2026-40502	2026-04-27 11:27	2026-04-16	Show	GitHub Exploit DB Packet Storm

3299	6.5	警告 Network	HKUDS	OpenHarness	HKUDSのOpenHarnessにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-40503	2026-04-27 11:27	2026-04-16	Show	GitHub Exploit DB Packet Storm

3300	8.8	重要 Network	FreePBX	API Module	FreePBXのAPI ModuleにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2026-40520	2026-04-27 11:26	2026-04-21	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 20, 2026, 4:14 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
314811	7.5	HIGH Network	barix	sip_client_firmware	Barix – CWE-200 Exposure of Sensitive Information to an Unauthorized Actor	CWE-200 Information Exposure	CVE-2024-41700	2024-09-4 04:37	2024-08-20	Show	GitHub Exploit DB Packet Storm

314812	7.5	HIGH Network	tenda	fh1201_firmware	Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the wanmode parameter in the fromAdvSetWan function. This vulnerability allows attackers to cause a Denial of Service (DoS)…	CWE-787 Out-of-bounds Write	CVE-2024-42941	2024-09-4 04:35	2024-08-16	Show	GitHub Exploit DB Packet Storm

314813	7.5	HIGH Network	tenda	fh1201_firmware	Tenda FH1201 v1.2.0.14 (408) was discovered to contain a stack overflow via the page parameter in the fromP2pListFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS…	CWE-787 Out-of-bounds Write	CVE-2024-42940	2024-09-4 04:35	2024-08-16	Show	GitHub Exploit DB Packet Storm

314814	5.4	MEDIUM Network	mayurik	best_house_rental_management_system	A Stored Cross Site Scripting (XSS) vulnerability was found in "manage_houses.php" in SourceCodester Best House Rental Management System v1.0. It allows remote attackers to execute arbitrary code via…	CWE-79 Cross-site Scripting	CVE-2024-40473	2024-09-4 04:35	2024-08-12	Show	GitHub Exploit DB Packet Storm

314815	6.1	MEDIUM Network	lopalopa	responsive_school_management_system	A Reflected Cross Site Scripting (XSS) vulnerability was found in " /smsa/admin_login.php" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary …	CWE-79 Cross-site Scripting	CVE-2024-41241	2024-09-4 04:35	2024-08-8	Show	GitHub Exploit DB Packet Storm

314816	7.5	HIGH Network	hms-networks	ewon_cosy\+_firmware	Insecure Permissions vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are susceptible to leaking information through cookies. This is fixed in vers…	CWE-312 Cleartext Storage of Sensitive Information	CVE-2024-33892	2024-09-4 04:18	2024-08-3	Show	GitHub Exploit DB Packet Storm

314817	7.2	HIGH Network	hms-networks	ewon_cosy\+_firmware	Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are vulnerable to code injection due to improper parameter blacklisting. This is fixed in version 21.2s10 and 22.1s…	CWE-78 OS Command	CVE-2024-33896	2024-09-4 04:02	2024-08-3	Show	GitHub Exploit DB Packet Storm

314818	6.6	MEDIUM Physics	hms-networks	ewon_cosy\+_firmware	Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 use a unique key to encrypt the configuration parameters. This is fixed in version 21.2s10 and 22.1s3, the key is n…	CWE-798 Use of Hard-coded Credentials	CVE-2024-33895	2024-09-4 04:02	2024-08-3	Show	GitHub Exploit DB Packet Storm

314819	9.8	CRITICAL Network	arajajyothibabu	school_management_system	School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the transport parameter at vehicle.php.	CWE-89 SQL Injection	CVE-2024-42568	2024-09-4 03:35	2024-08-20	Show	GitHub Exploit DB Packet Storm

314820	7.5	HIGH Network	tenda	fh1206_firmware	Tenda FH1206 v02.03.01.35 was discovered to contain a stack overflow via the modino parameter in the fromPptpUserAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) v…	CWE-787 Out-of-bounds Write	CVE-2024-42987	2024-09-4 03:35	2024-08-16	Show	GitHub Exploit DB Packet Storm