Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 7, 2026, 4:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
671	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	F456 Firmware	Shenzhen Tenda Technology Co.,Ltd.のF456 Firmwareにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7080	2026-05-1 10:37	2026-04-27	Show	GitHub Exploit DB Packet Storm

672	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	F456 Firmware	Shenzhen Tenda Technology Co.,Ltd.のF456 Firmwareにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7081	2026-05-1 10:37	2026-04-27	Show	GitHub Exploit DB Packet Storm

673	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	F456 Firmware	Shenzhen Tenda Technology Co.,Ltd.のF456 Firmwareにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7082	2026-05-1 10:37	2026-04-27	Show	GitHub Exploit DB Packet Storm

674	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	HG3 Firmware	Shenzhen Tenda Technology Co.,Ltd.のHG3 Firmwareにおける複数の脆弱性	CWE-77 CWE-78	CVE-2026-7096	2026-05-1 10:37	2026-04-27	Show	GitHub Exploit DB Packet Storm

675	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	F456 Firmware	Shenzhen Tenda Technology Co.,Ltd.のF456 Firmwareにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7097	2026-05-1 10:37	2026-04-27	Show	GitHub Exploit DB Packet Storm

676	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	F456 Firmware	Shenzhen Tenda Technology Co.,Ltd.のF456 Firmwareにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7098	2026-05-1 10:37	2026-04-27	Show	GitHub Exploit DB Packet Storm

677	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	F456 Firmware	Shenzhen Tenda Technology Co.,Ltd.のF456 Firmwareにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7099	2026-05-1 10:37	2026-04-27	Show	GitHub Exploit DB Packet Storm

678	4.7	警告 Network	リコー	Web Image Monitor	リコー製Web Image Monitorを実装している複数のレーザープリンタおよび複合機（MFP）におけるオープンリダイレクトの脆弱性	CWE-Other その他	CVE-2026-41226	2026-04-30 14:09	2026-04-30	Show	GitHub Exploit DB Packet Storm

679	5.5	警告 Local	Linux	Linux Kernel	LinuxのLinux Kernelにおける不特定の脆弱性	CWE-noinfo 情報不足	CVE-2026-31571	2026-04-30 12:34	2026-04-24	Show	GitHub Exploit DB Packet Storm

680	4.7	警告 Local	Linux	Linux Kernel	LinuxのLinux Kernelにおける競合状態に関する脆弱性	CWE-362 競合状態	CVE-2026-31572	2026-04-30 12:34	2026-04-24	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
491	5.7	MEDIUM Network	-	-	Cross Site Scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via the editpage.php and the sanitizePageContent function New	CWE-79 Cross-site Scripting	CVE-2026-31205	2026-05-6 04:44	2026-05-4	Show	GitHub Exploit DB Packet Storm

492	8.1	HIGH Network	-	-	Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client (Connection.php:76) calls unserialize() on data received from the server response, enabling client-sid… Update	CWE-502 Deserialization of Untrusted Data	CVE-2026-42471	2026-05-6 04:39	2026-05-2	Show	GitHub Exploit DB Packet Storm

493	9.8	CRITICAL Network	-	-	Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from Redis in the RedisHandler object. Update	CWE-502 Deserialization of Untrusted Data	CVE-2026-42472	2026-05-6 04:39	2026-05-2	Show	GitHub Exploit DB Packet Storm

494	9.8	CRITICAL Network	-	-	Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The session and cache handlers use unserialize() on data from the filesystem in the FileHandler object. Update	CWE-502 Deserialization of Untrusted Data	CVE-2026-42473	2026-05-6 04:39	2026-05-2	Show	GitHub Exploit DB Packet Storm

495	6.5	MEDIUM Network	-	-	SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `data` array to the data function in BuildHelper.php. Update	CWE-89 SQL Injection	CVE-2026-42474	2026-05-6 04:39	2026-05-2	Show	GitHub Exploit DB Packet Storm

496	7.5	HIGH Network	-	-	An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a crafted packet to the MTU length field Update	CWE-805 Buffer Access with Incorrect Length Value	CVE-2025-63547	2026-05-6 04:39	2026-05-2	Show	GitHub Exploit DB Packet Storm

497	7.5	HIGH Network	-	-	An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field. Update	CWE-241 Improper Handling of Unexpected Data Type	CVE-2025-63548	2026-05-6 04:39	2026-05-2	Show	GitHub Exploit DB Packet Storm

498	-		-	-	Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion when WebSocket permessage-deflate compressio… Update	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-39804	2026-05-6 04:37	2026-05-2	Show	GitHub Exploit DB Packet Storm

499	-		-	-	Inconsistent Interpretation of HTTP Requests vulnerability in mtrudel bandit allows HTTP request smuggling via duplicate Content-Length headers. 'Elixir.Bandit.Headers':get_content_length/1 in lib/b… Update	CWE-444 HTTP Request Smuggling	CVE-2026-39805	2026-05-6 04:37	2026-05-2	Show	GitHub Exploit DB Packet Storm

500	-		-	-	Reliance on Untrusted Inputs in a Security Decision vulnerability in mtrudel bandit allows unauthenticated transport-state spoofing on plaintext HTTP connections. 'Elixir.Bandit.Pipeline':determine_… Update	CWE-807 Reliance on Untrusted Inputs in a Security Decision	CVE-2026-39807	2026-05-6 04:37	2026-05-2	Show	GitHub Exploit DB Packet Storm