Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 24, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1421	7.5	重要 Network	VMware	Spring AI	VMwareのSpring AIにおける不適切なデフォルトパーミッションに関する脆弱性	CWE-276 不適切なデフォルトパーミッション	CVE-2026-41712	2026-05-14 10:18	2026-05-12	Show	GitHub Exploit DB Packet Storm

1422	8.2	重要 Network	VMware	Spring AI	VMwareのSpring AIにおけるテンプレートエンジンで使用される特殊な要素の不適切な無効化に関する脆弱性	CWE-1336 テンプレートエンジンで使用される特殊な要素の不適切な無効化	CVE-2026-41713	2026-05-14 10:18	2026-05-12	Show	GitHub Exploit DB Packet Storm

1423	6.5	警告 Network	LangGenius	Dify	LangGeniusのDifyにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-41950	2026-05-14 10:18	2026-05-5	Show	GitHub Exploit DB Packet Storm

1424	9.6	緊急 Network	Streetwriters	Notesnook Mobile Notesnook Desktop	StreetwritersのNotesnook Desktop等の複数製品における複数の脆弱性	CWE-79 CWE-94	CVE-2026-42090	2026-05-14 10:18	2026-05-4	Show	GitHub Exploit DB Packet Storm

1425	6.5	警告 Network	goshs	goshs	goshsにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2026-42091	2026-05-14 10:18	2026-05-4	Show	GitHub Exploit DB Packet Storm

1426	4.8	警告 Network	Weblate	wlc	Weblateのwlcにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-42150	2026-05-14 10:18	2026-05-8	Show	GitHub Exploit DB Packet Storm

1427	5.9	警告 Network	Teluu Ltd.	PJSIP	Teluu Ltd.のPJSIPにおける証明書検証に関する脆弱性	CWE-295 不正な証明書検証	CVE-2026-42225	2026-05-14 10:18	2026-05-7	Show	GitHub Exploit DB Packet Storm

1428	4.3	警告 Network	Onyx	Onyx	Onyxにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-42276	2026-05-14 10:18	2026-05-8	Show	GitHub Exploit DB Packet Storm

1429	6.5	警告 Network	Onyx	Onyx	Onyxにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-42277	2026-05-14 10:18	2026-05-8	Show	GitHub Exploit DB Packet Storm

1430	5.5	警告 Local	Python Software Foundation	Python Pillow	Python Software FoundationのPython Pillowにおける整数オーバーフローの脆弱性	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2026-42308	2026-05-14 10:18	2026-05-9	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 25, 2026, 4:01 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
345961	-	infoblox	dns_one_appliance	Cross-site scripting (XSS) vulnerability in Infoblox DNS One running firmware 2.4.0-8 and earlier allows remote attackers to execute arbitrary scripts as other users via the (1) CLIENTID or (2) HOSTN…	NVD-CWE-Other	CVE-2004-0606	2017-07-11 10:30	2004-12-6	Show	GitHub Exploit DB Packet Storm

345962	-	arush dreamforge epic_games infogrames ion_storm nerf_arena_blast rage_software robert_jordan running_with_scissors gentoo	devastation tnn_outdoors_pro_hunter unreal_engine unreal_tournament unreal_tournament_2003 unreal_tournament_2004 tacticalops x-com_enforcer deusex nerf_arena_blast mobi…	The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earli…	NVD-CWE-Other	CVE-2004-0608	2017-07-11 10:30	2004-12-6	Show	GitHub Exploit DB Packet Storm

345963	-	rssh	rssh	rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail.	NVD-CWE-Other	CVE-2004-0609	2017-07-11 10:30	2004-12-6	Show	GitHub Exploit DB Packet Storm

345964	-	microsoft	mn-500_wireless_base_station	The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP connections.	NVD-CWE-Other	CVE-2004-0610	2017-07-11 10:30	2004-12-6	Show	GitHub Exploit DB Packet Storm

345965	-	netgear	fvs318	Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.	NVD-CWE-Other	CVE-2004-0611	2017-07-11 10:30	2004-12-6	Show	GitHub Exploit DB Packet Storm

345966	-	zonelabs	zonealarm	The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encrypted session, which could allow remote attackers to bypass the mobile code filtering. NOTE: it has …	NVD-CWE-Other	CVE-2004-0612	2017-07-11 10:30	2004-12-6	Show	GitHub Exploit DB Packet Storm

345967	-	osticket	osticket_sts	osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory.	NVD-CWE-Other	CVE-2004-0613	2017-07-11 10:30	2004-12-6	Show	GitHub Exploit DB Packet Storm

345968	-	osticket	osticket_sts	osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote attackers to upload a file of any size.	NVD-CWE-Other	CVE-2004-0614	2017-07-11 10:30	2004-12-6	Show	GitHub Exploit DB Packet Storm

345969	-	bt	voyager_2000_wireless_adsl_router	The BT Voyager 2000 Wireless ADSL Router has a default public SNMP community name, which allows remote attackers to obtain sensitive information such as the password, which is stored in plaintext.	NVD-CWE-Other	CVE-2004-0616	2017-07-11 10:30	2004-12-6	Show	GitHub Exploit DB Packet Storm

345970	-	arbitroweb	arbitroweb	Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows remote attackers to inject arbitrary script or HTML via the rawURL parameter.	NVD-CWE-Other	CVE-2004-0617	2017-07-11 10:30	2004-12-6	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed