Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 15, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
651 9.1 緊急
Network 		ollama ollama Ollamaにおける境界外読み取りに関する脆弱性 CWE-125
境界外読み取り 		CVE-2026-7482 2026-05-12 10:19 2026-05-4 Show GitHub Exploit DB Packet Storm
652 5.5 警告
Local 		Open5GS Open5GS Open5GSにおけるリソースの不適切なシャットダウンおよびリリースに関する脆弱性 CWE-404
リソースの不適切なシャットダウンおよびリリース 		CVE-2026-8119 2026-05-12 10:19 2026-05-8 Show GitHub Exploit DB Packet Storm
653 6.5 警告
Network 		Open5GS Open5GS Open5GSにおけるリソースの不適切なシャットダウンおよびリリースに関する脆弱性 CWE-404
リソースの不適切なシャットダウンおよびリリース 		CVE-2026-8120 2026-05-12 10:19 2026-05-8 Show GitHub Exploit DB Packet Storm
654 6.5 警告
Network 		Open5GS Open5GS Open5GSにおけるリソースの不適切なシャットダウンおよびリリースに関する脆弱性 CWE-404
リソースの不適切なシャットダウンおよびリリース 		CVE-2026-8121 2026-05-12 10:19 2026-05-8 Show GitHub Exploit DB Packet Storm
655 6.5 警告
Network 		Open5GS Open5GS Open5GSにおけるリソースの不適切なシャットダウンおよびリリースに関する脆弱性 CWE-404
リソースの不適切なシャットダウンおよびリリース 		CVE-2026-8122 2026-05-12 10:19 2026-05-8 Show GitHub Exploit DB Packet Storm
656 6.5 警告
Network 		Open5GS Open5GS Open5GSにおけるリソースの不適切なシャットダウンおよびリリースに関する脆弱性 CWE-404
リソースの不適切なシャットダウンおよびリリース 		CVE-2026-8123 2026-05-12 10:19 2026-05-8 Show GitHub Exploit DB Packet Storm
657 8.8 重要
Network 		Shenzhen Tenda Technology Co.,Ltd. CX12L Pro Firmware Shenzhen Tenda Technology Co.,Ltd.のCX12L Pro Firmwareにおける複数の脆弱性 CWE-119
CWE-121
CVE-2026-8138 2026-05-12 10:19 2026-05-8 Show GitHub Exploit DB Packet Storm
658 7.8 重要
Local 		NAVER Corp. NAVER MYBOX Explorer for Windows NAVER Corp.のNAVER MYBOX Explorer for Windowsにおける不適切な権限設定に関する脆弱性 CWE-266
不適切な権限設定 		CVE-2026-8148 2026-05-12 10:19 2026-05-8 Show GitHub Exploit DB Packet Storm
659 7.3 重要
Network 		Project Jupyter Jupyter Server Project JupyterのJupyter Serverにおけるアンカーのない正規表現に関する脆弱性 CWE-777
アンカーのない正規表現 		CVE-2026-40110 2026-05-12 10:19 2026-05-5 Show GitHub Exploit DB Packet Storm
660 6.1 警告
Network 		HCL Technologies Limited unica
HCL Unica Plan
HCL Unica Segment Central
HCL Unica Centralized Offer Management
HCL Unica Audience Campaign
HCL U… 		HCL Technologies Limitedのunica等の複数製品におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2025-62320 2026-05-12 10:19 2026-03-17 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 15, 2026, 4:28 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
312231 - - - Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block. A rogue administrator could add a malicious payload by executing it in the browse… - CVE-2024-8661 2024-09-26 01:15 2024-09-17 Show GitHub Exploit DB Packet Storm
312232 - - - In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocati… - CVE-2024-7625 2024-09-26 01:15 2024-08-15 Show GitHub Exploit DB Packet Storm
312233 4.8 MEDIUM
Network 		ninjaforms ninja_forms Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a thro… CWE-79
Cross-site Scripting 		CVE-2024-43999 2024-09-26 00:15 2024-09-18 Show GitHub Exploit DB Packet Storm
312234 6.5 MEDIUM
Adjacent 		apple iphone_os
ipados 		This issue was addressed through improved state management. This issue is fixed in iOS 18 and iPadOS 18. A malicious Bluetooth input device may bypass pairing. NVD-CWE-noinfo
CVE-2024-44124 2024-09-26 00:14 2024-09-17 Show GitHub Exploit DB Packet Storm
312235 5.4 MEDIUM
Network 		webhammer wp_custom_fields_search The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient … CWE-79
Cross-site Scripting 		CVE-2024-8364 2024-09-26 00:08 2024-09-19 Show GitHub Exploit DB Packet Storm
312236 9.8 CRITICAL
Network 		freeimage_project freeimage libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. CWE-787
 Out-of-bounds Write 		CVE-2024-31570 2024-09-25 23:57 2024-09-20 Show GitHub Exploit DB Packet Storm
312237 9.8 CRITICAL
Network 		spx spx_graphics_controller An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. CWE-94
Code Injection 		CVE-2024-44623 2024-09-25 23:53 2024-09-17 Show GitHub Exploit DB Packet Storm
312238 9.8 CRITICAL
Network 		ergophone
yealink 		tiptel_ip_286_firmware
sip-t28p_firmware 		Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. CWE-22
Path Traversal 		CVE-2024-33109 2024-09-25 23:47 2024-09-20 Show GitHub Exploit DB Packet Storm
312239 9.8 CRITICAL
Network 		closed-loop cless_server An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the u… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2024-40125 2024-09-25 23:46 2024-09-20 Show GitHub Exploit DB Packet Storm
312240 6.1 MEDIUM
Network 		surecart surecart Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS.This issue affects SureCart: from n/a through 2.29.3. CWE-79
Cross-site Scripting 		CVE-2024-43970 2024-09-25 23:18 2024-09-18 Show GitHub Exploit DB Packet Storm