Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 5, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
4251 9.8 緊急
Network 		FastGPT FastGPT FastGPTにおけるデータクエリロジックの特殊要素の不適切な中立化に関する脆弱性 CWE-943
データクエリロジックの特殊要素の不適切な中立化 		CVE-2026-40351 2026-04-30 12:28 2026-04-17 Show GitHub Exploit DB Packet Storm
4252 8.8 重要
Network 		FastGPT FastGPT FastGPTにおけるデータクエリロジックの特殊要素の不適切な中立化に関する脆弱性 CWE-943
データクエリロジックの特殊要素の不適切な中立化 		CVE-2026-40352 2026-04-30 12:28 2026-04-17 Show GitHub Exploit DB Packet Storm
4253 9.1 緊急
Network 		マイクロソフト ASP.NET Core ASP.NET Core Elevation of Privilege Vulnerability CWE-347
デジタル署名の不適切な検証 		CVE-2026-40372 2026-04-30 12:28 2026-04-21 Show GitHub Exploit DB Packet Storm
4254 5.4 警告
Network 		Kimai project kimai Kimai projectのKimaiにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-40479 2026-04-30 12:28 2026-04-17 Show GitHub Exploit DB Packet Storm
4255 4.3 警告
Network 		Kimai project kimai Kimai projectのKimaiにおける動的に決定されたオブジェクト属性の不適切に制御された変更に関する脆弱性 CWE-915
動的に決定されたオブジェクト属性の不適切に制御された変更 		CVE-2026-40486 2026-04-30 12:28 2026-04-17 Show GitHub Exploit DB Packet Storm
4256 6.8 警告
Network 		oauth2_proxy project oauth2_proxy oauth2_proxy projectのoauth2_proxyにおける不正な認証に関する脆弱性 CWE-863
不正な認証 		CVE-2026-40574 2026-04-30 12:28 2026-04-21 Show GitHub Exploit DB Packet Storm
4257 9.1 緊急
Network 		oauth2_proxy project oauth2_proxy oauth2_proxy projectのoauth2_proxyにおけるスプーフィングによる認証回避に関する脆弱性 CWE-290
スプーフィングによる認証回避 		CVE-2026-40575 2026-04-30 12:28 2026-04-22 Show GitHub Exploit DB Packet Storm
4258 4.8 警告
Network 		pyLoad-ng project pyLoad-ng pyLoad-ng projectのpyLoad-ngにおける同一生成元ポリシー違反に関する脆弱性 CWE-346
同一生成元ポリシー違反 		CVE-2026-40594 2026-04-30 12:28 2026-04-21 Show GitHub Exploit DB Packet Storm
4259 8.1 重要
Network 		The Kyverno Authors Kyverno The Kyverno AuthorsのKyvernoにおける重要な情報のセキュアでない格納に関する脆弱性 CWE-922
重要な情報のセキュアでない格納 		CVE-2026-40868 2026-04-30 12:28 2026-04-21 Show GitHub Exploit DB Packet Storm
4260 8.1 重要
Network 		goshs goshs goshsにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2026-40883 2026-04-30 12:28 2026-04-21 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 5, 2026, 4:11 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
348891 - wmfrog wmfrog wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. CWE-59
Link Following 		CVE-2004-2473 2017-07-11 10:31 2004-12-31 Show GitHub Exploit DB Packet Storm
348892 - phpnews phpnews SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php. NVD-CWE-Other
CVE-2004-2474 2017-07-11 10:31 2004-12-31 Show GitHub Exploit DB Packet Storm
348893 - google toolbar Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest tha… NVD-CWE-Other
CVE-2004-2475 2017-07-11 10:31 2004-12-31 Show GitHub Exploit DB Packet Storm
348894 - diamondcs process_guard_free DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the origi… NVD-CWE-Other
CVE-2004-2477 2017-07-11 10:31 2004-12-31 Show GitHub Exploit DB Packet Storm
348895 - national_science_foundation squid_web_proxy_cache Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer. NVD-CWE-Other
CVE-2004-2480 2017-07-11 10:31 2004-12-31 Show GitHub Exploit DB Packet Storm
348896 - myproxy myproxy MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing a… NVD-CWE-Other
CVE-2004-2481 2017-07-11 10:31 2004-12-31 Show GitHub Exploit DB Packet Storm
348897 - microsoft outlook Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have … NVD-CWE-Other
CVE-2004-2482 2017-07-11 10:31 2004-12-31 Show GitHub Exploit DB Packet Storm
348898 - kerio winroute_firewall Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries in response to A queries, which allows remote attackers to poison the DNS cache or cause a denial of service (connection loss). NVD-CWE-Other
CVE-2004-2483 2017-07-11 10:31 2004-12-31 Show GitHub Exploit DB Packet Storm
348899 - php_gift_registry phpgiftreg Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter to (1) event.php or (2) index.… NVD-CWE-Other
CVE-2004-2484 2017-07-11 10:31 2004-12-31 Show GitHub Exploit DB Packet Storm
348900 - php_live php_live Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major security problem," allows remote attackers to include arbitrary files and directories via unspecified attack vectors. NVD-CWE-Other
CVE-2004-2485 2017-07-11 10:31 2004-12-31 Show GitHub Exploit DB Packet Storm