Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 2, 2026, noon

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
371 5.9 警告
Network 		Jeffrey Stedfast (jstedfast) MailKit Jeffrey Stedfast (jstedfast)のMailKitにおけるインジェクションに関する脆弱性 CWE-74
インジェクション 		CVE-2026-41319 2026-05-25 10:25 2026-04-24 Show GitHub Exploit DB Packet Storm
372 9.8 緊急
Network 		pgx project pgx JackcのpgxにおけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2026-41889 2026-05-25 10:25 2026-05-8 Show GitHub Exploit DB Packet Storm
373 5.4 警告
Network 		reconurge Flowsint Flowsintにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-42159 2026-05-25 10:25 2026-05-14 Show GitHub Exploit DB Packet Storm
374 8.6 重要
Network 		MagicMirror MagicMirror MagicMirrorにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2026-42281 2026-05-25 10:25 2026-05-14 Show GitHub Exploit DB Packet Storm
375 6.1 警告
Network 		Absinthe-graphql Absinthe.Plug (absinthe plug) Absinthe-graphqlのAbsinthe.Plug (absinthe plug)におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-42794 2026-05-25 10:25 2026-05-8 Show GitHub Exploit DB Packet Storm
376 4.3 警告
Network 		Getinboxzero Inbox Zero GetinboxzeroのInbox Zeroにおける情報漏えいに関する脆弱性 CWE-200
CWE-noinfo
CVE-2026-42865 2026-05-25 10:25 2026-05-11 Show GitHub Exploit DB Packet Storm
377 4 警告
Network 		Nine Nines Cowlib Nine NinesのCowlibにおけるCRLF インジェクションの脆弱性 CWE-93
CRLF インジェクション 		CVE-2026-43968 2026-05-25 10:25 2026-05-11 Show GitHub Exploit DB Packet Storm
378 3.2
Local 		Nine Nines Cowlib Nine NinesのCowlibにおけるCRLF インジェクションの脆弱性 CWE-93
CRLF インジェクション 		CVE-2026-43969 2026-05-25 10:24 2026-05-11 Show GitHub Exploit DB Packet Storm
379 6.1 警告
Network 		Boscop Orejime GayaのOrejimeにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-6095 2026-05-25 10:24 2026-05-19 Show GitHub Exploit DB Packet Storm
380 6.1 警告
Network 		Drupal Obfuscate Obfuscateにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-6871 2026-05-25 10:24 2026-05-19 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 2, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
311041 - - - Cross Site Scripting vulnerability in Online Shop Store v.1.0 allows a remote attacker to execute arbitrary code via the login.php component. - CVE-2024-51213 2024-11-13 03:35 2024-11-12 Show GitHub Exploit DB Packet Storm
311042 - - - The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= fiel… - CVE-2024-51026 2024-11-13 03:35 2024-11-12 Show GitHub Exploit DB Packet Storm
311043 - - - A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System v1.0 allows an attacker to execute arbitrary SQL commands via the "searchdata " parameter. - CVE-2024-50989 2024-11-13 03:35 2024-11-12 Show GitHub Exploit DB Packet Storm
311044 - - - The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attri… - CVE-2023-40457 2024-11-13 03:35 2024-11-11 Show GitHub Exploit DB Packet Storm
311045 4.4 MEDIUM
Local 		- - A vulnerability was found in Performance Co-Pilot (PCP). This flaw can only be exploited if an attacker has access to a compromised PCP system account. The issue is related to the pmpost tool, which … CWE-59
Link Following 		CVE-2024-45770 2024-11-13 03:15 2024-09-19 Show GitHub Exploit DB Packet Storm
311046 5.5 MEDIUM
Local 		- - A vulnerability was found in Performance Co-Pilot (PCP).  This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash. - CVE-2024-45769 2024-11-13 03:15 2024-09-19 Show GitHub Exploit DB Packet Storm
311047 - - - UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability. - CVE-2024-48322 2024-11-13 02:35 2024-11-12 Show GitHub Exploit DB Packet Storm
311048 - - - The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.bro… - CVE-2024-46965 2024-11-13 02:35 2024-11-12 Show GitHub Exploit DB Packet Storm
311049 - - - EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities. - CVE-2024-36061 2024-11-13 02:35 2024-11-12 Show GitHub Exploit DB Packet Storm
311050 - - - An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a… - CVE-2024-51135 2024-11-13 02:35 2024-11-12 Show GitHub Exploit DB Packet Storm