Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 20, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3301	5.9	警告 Network	opentelemetry	opentelemetry	opentelemetryにおける過剰なサイズ値のメモリ割り当てに関する脆弱性	CWE-789 過剰なサイズ値のメモリ割り当て	CVE-2026-40182	2026-04-30 11:02	2026-04-23	Show	GitHub Exploit DB Packet Storm

3302	9.9	緊急 Network	Apache Software Foundation	Apache Camel	Apache Software FoundationのApache Camelにおける大文字と小文字の区別の不適切な処理に関する脆弱性	CWE-178 大文字と小文字の区別の不適切な処理	CVE-2026-40453	2026-04-30 11:02	2026-04-27	Show	GitHub Exploit DB Packet Storm

3303	8.8	重要 Network	Apache Software Foundation	Apache Camel	Apache Software FoundationのApache Camelにおける信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-40473	2026-04-30 11:02	2026-04-27	Show	GitHub Exploit DB Packet Storm

3304	8.8	重要 Network	Apache Software Foundation	Apache Camel	Apache Software FoundationのApache Camelにおける信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-40858	2026-04-30 11:02	2026-04-27	Show	GitHub Exploit DB Packet Storm

3305	9.8	緊急 Network	Apache Software Foundation	Apache Camel	Apache Software FoundationのApache Camelにおける信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-40860	2026-04-30 11:02	2026-04-27	Show	GitHub Exploit DB Packet Storm

3306	7.7	重要 Network	argoproj	Argo Workflows	Argo Project AuthorsのArgo Workflowsにおける配列インデックスの検証に関する脆弱性	CWE-129 配列インデックスの不適切な検証	CVE-2026-40886	2026-04-30 11:02	2026-04-23	Show	GitHub Exploit DB Packet Storm

3307	5.3	警告 Adjacent	opentelemetry	opentelemetry	opentelemetryにおける過剰なサイズ値のメモリ割り当てに関する脆弱性	CWE-789 過剰なサイズ値のメモリ割り当て	CVE-2026-40891	2026-04-30 11:02	2026-04-23	Show	GitHub Exploit DB Packet Storm

3308	7.8	重要 Local	レッドハット gimp	Red Hat Enterprise Linux gimp	gimp等の複数ベンダの製品における整数オーバーフローの脆弱性	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2026-40915	2026-04-30 11:02	2026-04-15	Show	GitHub Exploit DB Packet Storm

3309	5.5	警告 Local	レッドハット gimp	Red Hat Enterprise Linux gimp	gimp等の複数ベンダの製品における境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2026-40916	2026-04-30 11:02	2026-04-15	Show	GitHub Exploit DB Packet Storm

3310	7.1	重要 Local	レッドハット gimp	Red Hat Enterprise Linux gimp	gimp等の複数ベンダの製品における境界外読み取りに関する脆弱性	CWE-125 境界外読み取り	CVE-2026-40917	2026-04-30 11:02	2026-04-15	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 20, 2026, 4:14 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
314781	9.8	CRITICAL Network	easytest	easytest_online_test_platform	SQL Injection in download class learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the cstr parameter.	CWE-89 SQL Injection	CVE-2024-43773	2024-09-4 21:26	2024-09-2	Show	GitHub Exploit DB Packet Storm

314782	8.1	HIGH Network	symphonyfintech	xts_mobile_trader xts_web_trader	This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attack…	CWE-863 Incorrect Authorization	CVE-2024-45588	2024-09-4 21:15	2024-09-3	Show	GitHub Exploit DB Packet Storm

314783	8.8	HIGH Network	symphonyfintech	xts_mobile_trader xts_web_trader	This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remot…	NVD-CWE-Other	CVE-2024-45587	2024-09-4 21:15	2024-09-3	Show	GitHub Exploit DB Packet Storm

314784	8.8	HIGH Network	symphonyfintech	xts_mobile_trader xts_web_trader	This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote…	NVD-CWE-Other	CVE-2024-45586	2024-09-4 21:15	2024-09-3	Show	GitHub Exploit DB Packet Storm

314785	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: kcm: Serialise kcm_sendmsg() for the same socket. syzkaller reported UAF in kcm_release(). [0] The scenario is 1. Thread A bu…	CWE-416 Use After Free	CVE-2024-44946	2024-09-4 21:15	2024-08-31	Show	GitHub Exploit DB Packet Storm

314786	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL…	CWE-476 NULL Pointer Dereference	CVE-2024-43884	2024-09-4 21:15	2024-08-26	Show	GitHub Exploit DB Packet Storm

314787	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proc_cpuset_show() An UAF can happen when /proc/cpuset is read as reported in [1]. This can be rep…	CWE-416 Use After Free	CVE-2024-43853	2024-09-4 21:15	2024-08-17	Show	GitHub Exploit DB Packet Storm

314788	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when adding pages to compressed bio At add_ra_bio_pages() we are accessing the extent map to…	CWE-416 Use After Free	CVE-2024-42314	2024-09-4 21:15	2024-08-17	Show	GitHub Exploit DB Packet Storm

314789	9.8	CRITICAL Network	easytest	easytest_online_test_platform	SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter.	CWE-89 SQL Injection	CVE-2024-43772	2024-09-4 21:11	2024-09-2	Show	GitHub Exploit DB Packet Storm

314790	4.3	MEDIUM Network	majeedraza	carousel_slider	WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Sl…	CWE-352 Origin Validation Error	CVE-2024-45270	2024-09-4 20:51	2024-09-2	Show	GitHub Exploit DB Packet Storm