Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 13, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3331	7.5	重要 Network	Web Technologies	Change Detection	Web TechnologiesのChange Detectionにおけるファイル名やパス名の外部制御に関する脆弱性	CWE-73 ファイル名やパス名の外部制御	CVE-2026-43891	2026-05-18 11:25	2026-05-12	Show	GitHub Exploit DB Packet Storm

3332	8.7	重要 Network	Daniel Garcia	Vaultwarden	Daniel GarciaのVaultwardenにおける認可に関する脆弱性	CWE-285 不適切な認可	CVE-2026-43912	2026-05-18 11:25	2026-05-11	Show	GitHub Exploit DB Packet Storm

3333	9.1	緊急 Network	OPNsense project	OPNsense	OPNsenseにおける引数の挿入または変更に関する脆弱性	CWE-88 引数の挿入または変更	CVE-2026-44193	2026-05-18 11:25	2026-05-13	Show	GitHub Exploit DB Packet Storm

3334	9.1	緊急 Network	OPNsense project	OPNsense	OPNsenseにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2026-44194	2026-05-18 11:25	2026-05-13	Show	GitHub Exploit DB Packet Storm

3335	6.5	警告 Network	OPNsense project	OPNsense	OPNsenseにおける過度な認証試行の不適切な制限に関する脆弱性	CWE-307 過度な認証試行の不適切な制限	CVE-2026-44195	2026-05-18 11:25	2026-05-13	Show	GitHub Exploit DB Packet Storm

3336	9.8	緊急 Network	フォーティネット	FortiAuthenticator	フォーティネットのFortiAuthenticatorにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-44277	2026-05-18 11:25	2026-05-12	Show	GitHub Exploit DB Packet Storm

3337	5.5	警告 Local	フォーティネット	FortiClient	フォーティネットのFortiClientにおけるハードコードされた暗号鍵の使用に関する脆弱性	CWE-321 ハードコードされた暗号鍵の使用	CVE-2026-44278	2026-05-18 11:25	2026-05-12	Show	GitHub Exploit DB Packet Storm

3338	5.5	警告 Local	フォーティネット	FortiToken Mobile	フォーティネットのFortiToken MobileにおけるAndroid アプリケーションコンポーネントの不適切なエクスポートの脆弱性	CWE-926 Android アプリケーションコンポーネントの不適切なエクスポート	CVE-2026-44279	2026-05-18 11:25	2026-05-12	Show	GitHub Exploit DB Packet Storm

3339	4.3	警告 Network	etcd	etcd	etcd-ioのetcdにおける不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2026-44283	2026-05-18 11:25	2026-05-14	Show	GitHub Exploit DB Packet Storm

3340	5.3	警告 Network	MISP	MISP	MISPにおける入力確認に関する脆弱性	CWE-20 CWE-noinfo	CVE-2026-44379	2026-05-18 11:25	2026-05-13	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 13, 2026, 4:20 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
317971	4.8	MEDIUM Network	code-atlantic	popup_maker	The Popup Maker WordPress plugin before 1.19.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks …	CWE-79 Cross-site Scripting	CVE-2024-5561	2024-10-8 02:45	2024-09-9	Show	GitHub Exploit DB Packet Storm

317972	9.8	CRITICAL Network	opti.marketing	opti_marketing	The Opti Marketing WordPress plugin through 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading t…	CWE-89 SQL Injection	CVE-2024-6928	2024-10-8 02:45	2024-09-8	Show	GitHub Exploit DB Packet Storm

317973	6.5	MEDIUM Network	azindex_project	azindex	The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin delete arbitrary indexes via a CSRF attack	CWE-352 Origin Validation Error	CVE-2024-7688	2024-10-8 02:43	2024-09-9	Show	GitHub Exploit DB Packet Storm

317974	5.5	MEDIUM Local	cisco	ios_xr	A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have v…	NVD-CWE-noinfo	CVE-2024-20343	2024-10-8 02:42	2024-09-12	Show	GitHub Exploit DB Packet Storm

317975	5.4	MEDIUM Network	hasthemes	woolentor_-_woocommerce_elementor_addons_\+_builder	The ShopLentor – WooCommerce Builder for Elementor & Gutenberg +12 Modules – All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tooltip…	CWE-79 Cross-site Scripting	CVE-2024-8668	2024-10-8 02:28	2024-09-25	Show	GitHub Exploit DB Packet Storm

317976	4.3	MEDIUM Network	vladyslavbondarenko	adstxt	The adstxt Plugin WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack	CWE-352 Origin Validation Error	CVE-2024-7892	2024-10-8 02:26	2024-09-25	Show	GitHub Exploit DB Packet Storm

317977	9.8	CRITICAL Network	dataease	dataease	DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, an attacker can achieve remote command execution by adding a carefully constructed h2 data source connection stri…	NVD-CWE-noinfo	CVE-2024-46997	2024-10-8 02:20	2024-09-24	Show	GitHub Exploit DB Packet Storm

317978	9.1	CRITICAL Network	circutor	tcp2rs\+_firmware	Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, witho…	NVD-CWE-noinfo	CVE-2024-8892	2024-10-8 02:10	2024-09-18	Show	GitHub Exploit DB Packet Storm

317979	9.1	CRITICAL Network	circutor	tcp2rs\+_firmware	Vulnerability in CIRCUTOR TCP2RS+ firmware version 1.3b, which could allow an attacker to modify any configuration value, even if the device has the user/password authentication option enabled, witho…	NVD-CWE-noinfo	CVE-2024-8889	2024-10-8 02:09	2024-09-18	Show	GitHub Exploit DB Packet Storm

317980	6.1	MEDIUM Network	wireui	wireui	Wire UI is a library of components and resources to empower Laravel and Livewire application development. A potential Cross-Site Scripting (XSS) vulnerability has been identified in the `/wireui/butt…	CWE-79 Cross-site Scripting	CVE-2024-45803	2024-10-8 02:05	2024-09-18	Show	GitHub Exploit DB Packet Storm