Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 4, 2026, 2 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
4181	7	重要 Local	レッドハット libssh	libssh Red Hat Hardened Images	libssh等の複数ベンダの製品における制御されていない検索パスの要素に関する脆弱性	CWE-427 制御されていない検索パスの要素	CVE-2025-14821	2026-04-30 12:17	2026-04-7	Show	GitHub Exploit DB Packet Storm

4182	10	緊急 Network	lfprojects	mlflow	lfprojectsのmlflowにおけるパストラバーサルの脆弱性	CWE-29 パストラバーサル (/../filename)	CVE-2025-15036	2026-04-30 12:17	2026-03-30	Show	GitHub Exploit DB Packet Storm

4183	9.8	緊急 Network	lfprojects	mlflow	lfprojectsのmlflowにおけるコマンドインジェクションの脆弱性	CWE-77 コマンドインジェクション	CVE-2025-15379	2026-04-30 12:17	2026-03-30	Show	GitHub Exploit DB Packet Storm

4184	7.1	重要 Network	lfprojects	mlflow	lfprojectsのmlflowにおける情報漏えいに関する脆弱性	CWE-200 CWE-noinfo	CVE-2025-15381	2026-04-30 12:17	2026-03-27	Show	GitHub Exploit DB Packet Storm

4185	7.5	重要 Network	Apache Software Foundation	Apache Thrift	Apache Software FoundationのApache Thriftにおけるメモリ管理ルーチンの不一致に関する脆弱性	CWE-762 メモリ管理ルーチンの不一致	CVE-2025-48431	2026-04-30 12:17	2026-04-28	Show	GitHub Exploit DB Packet Storm

4186	6.5	警告 Adjacent	ジュニパーネットワークス	Junos OS Evolved	ジュニパーネットワークスのJunos OS Evolvedにおける古典的バッファオーバーフローの脆弱性	CWE-120 古典的バッファオーバーフロー	CVE-2025-59969	2026-04-30 12:17	2026-04-9	Show	GitHub Exploit DB Packet Storm

4187	7.8	重要 Local	huggingface	transformers	huggingfaceのtransformersにおける信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-1839	2026-04-30 12:17	2026-04-7	Show	GitHub Exploit DB Packet Storm

4188	6.1	警告 Network	シスコシステムズ	Cisco Unity Connection	シスコシステムズのCisco Unity Connectionにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-20059	2026-04-30 12:17	2026-04-15	Show	GitHub Exploit DB Packet Storm

4189	4.7	警告 Network	シスコシステムズ	Cisco Unity Connection	シスコシステムズのCisco Unity Connectionにおけるオープンリダイレクトの脆弱性	CWE-601 オープンリダイレクト	CVE-2026-20060	2026-04-30 12:17	2026-04-15	Show	GitHub Exploit DB Packet Storm

4190	6.5	警告 Network	シスコシステムズ	Cisco Unity Connection	シスコシステムズのCisco Unity ConnectionにおけるSQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2026-20061	2026-04-30 12:17	2026-04-15	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 4, 2026, 4:17 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
353221	-	hyper_estraier	hyper_estraier	estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters.	NVD-CWE-Other	CVE-2005-3421	2008-11-11 14:55	2005-11-2	Show	GitHub Exploit DB Packet Storm

353222	-	hiki	hiki	Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005…	NVD-CWE-Other	CVE-2005-2803	2008-11-11 14:53	2005-09-7	Show	GitHub Exploit DB Packet Storm

353223	-	hiki	hiki	Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a di…	NVD-CWE-Other	CVE-2005-2336	2008-11-11 14:51	2005-09-7	Show	GitHub Exploit DB Packet Storm

353224	-	sendmail debian	sendmail debian_linux	The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doubl…	NVD-CWE-Other	CVE-2003-0308	2008-11-11 14:29	2003-05-15	Show	GitHub Exploit DB Packet Storm

353225	-	eva-web	eva-web	An unspecified script in EVA-Web 2.1.2 and earlier, probably index.php, allows remote attackers to obtain the full path of the web server via invalid (1) perso or (2) aide parameters.	NVD-CWE-Other	CVE-2006-2690	2008-11-9 15:26	2006-05-31	Show	GitHub Exploit DB Packet Storm

353226	-	allaire	forums	Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote authenticated users to spoof messages as other users by modifying the hidden form fields for the name and e-mail address.	NVD-CWE-Other	CVE-2002-0108	2008-11-4 14:23	2002-03-25	Show	GitHub Exploit DB Packet Storm

353227	-	infopop	ultimate_bulletin_board	Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) 6.2.0 Beta Release 1.0 allows remote attackers to execute arbitrary script and steal cookies via a message containing encod…	NVD-CWE-Other	CVE-2002-0118	2008-11-4 14:23	2002-03-25	Show	GitHub Exploit DB Packet Storm

353228	-	netgear	rp114	Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured to block traffic below port 1024, allows remote attackers to cause a denial of service (hang) via a port scan of the WAN port.	NVD-CWE-Other	CVE-2002-0127	2008-11-4 14:23	2002-03-25	Show	GitHub Exploit DB Packet Storm

353229	-	maelstrom	maelstrom_gpl	Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of other Maelstrom users via a symlink attack on the /tmp/f file.	NVD-CWE-Other	CVE-2002-0141	2008-11-4 14:23	2002-03-25	Show	GitHub Exploit DB Packet Storm

353230	-	awstats	awstats	Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the sam…	NVD-CWE-Other	CVE-2006-1945	2008-11-3 15:18	2006-04-21	Show	GitHub Exploit DB Packet Storm