Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 4, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3331	8.8	重要 Network	nothings	stb_truetype.h	nothingsのstb_truetype.hにおける複数の脆弱性	CWE-119 CWE-125	CVE-2026-5315	2026-05-7 12:28	2026-04-2	Show	GitHub Exploit DB Packet Storm

3332	6.5	警告 Network	nothings	stb vorbis.c	nothingsのstb vorbis.cにおける複数の脆弱性	CWE-400 CWE-770	CVE-2026-5316	2026-05-7 12:28	2026-04-2	Show	GitHub Exploit DB Packet Storm

3333	8.8	重要 Network	nothings	stb vorbis.c	nothingsのstb vorbis.cにおける複数の脆弱性	CWE-119 CWE-787	CVE-2026-5317	2026-05-7 12:28	2026-04-2	Show	GitHub Exploit DB Packet Storm

3334	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	ch22 ファームウェア	Shenzhen Tenda Technology Co.,Ltd.のch22 ファームウェアにおける複数の脆弱性	CWE-119 CWE-121	CVE-2026-5604	2026-05-7 12:28	2026-04-5	Show	GitHub Exploit DB Packet Storm

3335	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	ch22 ファームウェア	Shenzhen Tenda Technology Co.,Ltd.のch22 ファームウェアにおける複数の脆弱性	CWE-119 CWE-121	CVE-2026-5605	2026-05-7 12:28	2026-04-6	Show	GitHub Exploit DB Packet Storm

3336	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	HG3 Firmware	Shenzhen Tenda Technology Co.,Ltd.のHG3 Firmwareにおける複数の脆弱性	CWE-77 CWE-78	CVE-2026-7119	2026-05-7 12:28	2026-04-27	Show	GitHub Exploit DB Packet Storm

3337	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	HG3 Firmware	Shenzhen Tenda Technology Co.,Ltd.のHG3 Firmwareにおける複数の脆弱性	CWE-119 CWE-121	CVE-2026-7151	2026-05-7 12:28	2026-04-27	Show	GitHub Exploit DB Packet Storm

3338	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	HG3 Firmware	Shenzhen Tenda Technology Co.,Ltd.のHG3 Firmwareにおける複数の脆弱性	CWE-74 CWE-77	CVE-2026-7160	2026-05-7 12:28	2026-04-27	Show	GitHub Exploit DB Packet Storm

3339	7.3	重要 Network	NextChat	NextChat	NextChatにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-7177	2026-05-7 12:28	2026-04-27	Show	GitHub Exploit DB Packet Storm

3340	7.3	重要 Network	NextChat	NextChat	NextChatにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-7178	2026-05-7 12:28	2026-04-27	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 5, 2026, 4:11 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
317141	7.8	HIGH Local	mongodb	mongodb c_driver php_driver	Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing…	NVD-CWE-noinfo	CVE-2024-7553	2024-09-20 05:46	2024-08-7	Show	GitHub Exploit DB Packet Storm

317142	6.1	MEDIUM Network	mailcow	mailcow\	mailcow: dockerized is an open source groupware/email suite based on docker. An unauthenticated attacker can inject a JavaScript payload into the API logs. This payload is executed whenever the API l…	CWE-79 Cross-site Scripting	CVE-2024-41959	2024-09-20 05:14	2024-08-6	Show	GitHub Exploit DB Packet Storm

317143	4.8	MEDIUM Network	mailcow	mailcow\	mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is ex…	CWE-79 Cross-site Scripting	CVE-2024-41960	2024-09-20 05:01	2024-08-6	Show	GitHub Exploit DB Packet Storm

317144	6.1	MEDIUM Network	nuxt	nuxt	Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. The `navigateTo` function attempts to blockthe `javascript:` protocol, but does not correctly …	CWE-79 Cross-site Scripting	CVE-2024-34343	2024-09-20 04:57	2024-08-6	Show	GitHub Exploit DB Packet Storm

317145	6.5	MEDIUM Network	lunary	lunary	An improper access control vulnerability exists in lunary-ai/lunary at the latest commit (a761d83) on the main branch. The vulnerability allows an attacker to use the auth tokens issued by the 'invit…	NVD-CWE-Other	CVE-2024-6087	2024-09-20 04:32	2024-09-14	Show	GitHub Exploit DB Packet Storm

317146	3.9	LOW Physics	redhat opensc_project	enterprise_linux opensc	A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When …	CWE-120 Classic Buffer Overflow	CVE-2024-45620	2024-09-20 04:21	2024-09-4	Show	GitHub Exploit DB Packet Storm

317147	6.5	MEDIUM Network	eaton	foreseer_electrical_power_monitoring_system	The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the l…	CWE-1284 Improper Validation of Specified Quantity in Input	CVE-2024-31416	2024-09-20 04:06	2024-09-14	Show	GitHub Exploit DB Packet Storm

317148	8.1	HIGH Network	eaton	foreseer_electrical_power_monitoring_system	The Eaton Foreseer software provides the feasibility for the user to configure external servers for multiple purposes such as network management, user management, etc. The software uses encryption to…	CWE-522 Insufficiently Protected Credentials	CVE-2024-31415	2024-09-20 03:50	2024-09-14	Show	GitHub Exploit DB Packet Storm

317149	6.1	MEDIUM Network	eaton	foreseer_electrical_power_monitoring_system	The Eaton Foreseer software provides users the capability to customize the dashboard in WebView pages. However, the input fields for this feature in the Eaton Foreseer software lacked proper input sa…	CWE-79 Cross-site Scripting	CVE-2024-31414	2024-09-20 03:48	2024-09-14	Show	GitHub Exploit DB Packet Storm

317150	8.1	HIGH Network	lunary	lunary	A Cross-Site Request Forgery (CSRF) vulnerability exists in lunary-ai/lunary version 1.2.34 due to overly permissive CORS settings. This vulnerability allows an attacker to sign up for and create pro…	CWE-352 Origin Validation Error	CVE-2024-6862	2024-09-20 03:37	2024-09-14	Show	GitHub Exploit DB Packet Storm