Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 2, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3971	6.5	警告 Network	Mattermost, Inc.	Focalboard	Mattermost, Inc.のFocalboardにおけるSQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2026-25773	2026-04-30 12:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

3972	4.3	警告 Network	Mattermost, Inc.	Focalboard	Mattermost, Inc.のFocalboardにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-28736	2026-04-30 12:13	2026-04-3	Show	GitHub Exploit DB Packet Storm

3973	7.8	重要 Local	DeepCool	DeepCreative	DeepCoolのDeepCreativeにおける安全でない継承されたパーミッションに関する脆弱性	CWE-277 安全でない継承されたパーミッション	CVE-2026-30266	2026-04-30 12:13	2026-04-20	Show	GitHub Exploit DB Packet Storm

3974	7.5	重要 Network	Angeet	ES3 KVM Firmware	AngeetのES3 KVM Firmwareにおける重要な機能に対する認証の欠如に関する脆弱性	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-32297	2026-04-30 12:13	2026-03-17	Show	GitHub Exploit DB Packet Storm

3975	9.1	緊急 Network	Angeet	ES3 KVM Firmware	AngeetのES3 KVM FirmwareにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2026-32298	2026-04-30 12:13	2026-03-17	Show	GitHub Exploit DB Packet Storm

3976	7.5	重要 Network	オラクル	Oracle Financial Services Customer Screening	オラクルのOracle Financial Services Customer Screeningにおける認可に関する脆弱性	CWE-285 不適切な認可	CVE-2026-34320	2026-04-30 12:13	2026-04-21	Show	GitHub Exploit DB Packet Storm

3977	5.8	警告 Network	Pavel Zbornik (pavelzbornik)	whisperX REST API	Pavel Zbornik (pavelzbornik)のwhisperX REST APIにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-34981	2026-04-30 12:13	2026-04-6	Show	GitHub Exploit DB Packet Storm

3978	7.5	重要 Network	Distribution	Distribution	Distributionにおけるアクセス制御に関する脆弱性	CWE-284 CWE-noinfo	CVE-2026-35172	2026-04-30 12:13	2026-04-6	Show	GitHub Exploit DB Packet Storm

3979	7.5	重要 Network	UnJS Team	defu	UnJS Teamのdefuにおけるオブジェクトプロトタイプ属性の不適切に制御された変更に関する脆弱性	CWE-1321 オブジェクトプロトタイプ属性の不適切に制御された変更 (プロトタイプの汚染)	CVE-2026-35209	2026-04-30 12:13	2026-04-6	Show	GitHub Exploit DB Packet Storm

3980	7.5	重要 Network	オラクル	Oracle Financial Services Transaction Filtering	オラクルのOracle Financial Services Transaction Filteringにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-35231	2026-04-30 12:13	2026-04-21	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 2, 2026, 4:18 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
315031	4.3	MEDIUM Network	radiustheme	the_post_grid	The The Post Grid – Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.7.11 via…	NVD-CWE-noinfo	CVE-2024-7418	2024-10-5 01:01	2024-08-29	Show	GitHub Exploit DB Packet Storm

315032	4.7	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the…	CWE-476 NULL Pointer Dereference	CVE-2024-46851	2024-10-5 01:00	2024-09-27	Show	GitHub Exploit DB Packet Storm

315033	5.3	MEDIUM Network	givewp	givewp	The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.15.1. This is due to the plugin utilizing Symf…	CWE-209 Information Exposure Through an Error Message	CVE-2024-6551	2024-10-5 00:57	2024-08-29	Show	GitHub Exploit DB Packet Storm

315034	4.7	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid race between dcn35_set_drr() and dc_state_destruct() dc_state_destruct() nulls the resource context of the…	CWE-476 NULL Pointer Dereference	CVE-2024-46850	2024-10-5 00:30	2024-09-27	Show	GitHub Exploit DB Packet Storm

315035	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Limit the period on Haswell Running the ltp test cve-2015-3290 concurrently reports the following warnings. perf…	NVD-CWE-noinfo	CVE-2024-46848	2024-10-5 00:23	2024-09-27	Show	GitHub Exploit DB Packet Storm

315036	7.5	HIGH Network	planet	gs-4210-24p2s_firmware gs-4210-24pl4c_firmware	The swctrl service is used to detect and remotely manage PLANET Technology devices. Certain switch models have a Denial-of-Service vulnerability in the swctrl service, allowing unauthenticated remote…	CWE-476 CWE-400 NULL Pointer Dereference Uncontrolled Resource Consumption	CVE-2024-8454	2024-10-5 00:11	2024-09-30	Show	GitHub Exploit DB Packet Storm

315037	4.9	MEDIUM Network	planet	gs-4210-24p2s_firmware gs-4210-24pl4c_firmware	Certain switch models from PLANET Technology use an insecure hashing function to hash user passwords without being salted. Remote attackers with administrator privileges can read configuration files …	CWE-328 CWE-759 Use of Weak Hash Use of a One-Way Hash without a Salt	CVE-2024-8453	2024-10-5 00:10	2024-09-30	Show	GitHub Exploit DB Packet Storm

315038	7.5	HIGH Network	planet	gs-4210-24p2s_firmware gs-4210-24pl4c_firmware	Certain switch models from PLANET Technology only support obsolete algorithms for authentication protocol and encryption protocol in the SNMPv3 service, allowing attackers to obtain plaintext SNMPv3 …	CWE-327 CWE-328 Use of a Broken or Risky Cryptographic Algorithm Use of Weak Hash	CVE-2024-8452	2024-10-5 00:10	2024-09-30	Show	GitHub Exploit DB Packet Storm

315039	7.5	HIGH Network	planet	gs-4210-24p2s_firmware gs-4210-24pl4c_firmware	Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests, allowing unauthorized remote attackers to exploit this weakn…	CWE-400 CWE-280 Uncontrolled Resource Consumption Improper Handling of Insufficient Permissions or Privileges	CVE-2024-8451	2024-10-5 00:09	2024-09-30	Show	GitHub Exploit DB Packet Storm

315040	9.8	CRITICAL Network	planet	gs-4210-24p2s_firmware gs-4210-24pl4c_firmware	Certain switch models from PLANET Technology have a Hard-coded community string in the SNMPv1 service, allowing unauthorized remote attackers to use this community string to access the SNMPv1 service…	CWE-798 Use of Hard-coded Credentials	CVE-2024-8450	2024-10-5 00:08	2024-09-30	Show	GitHub Exploit DB Packet Storm