Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 8, 2026, 2:21 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1811	4.8	警告 Network	OctoberCMS	October	OctoberCMSのOctoberにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-25133	2026-04-27 11:23	2026-04-14	Show	GitHub Exploit DB Packet Storm

1812	8.1	重要 Network	OpenMage	Magento	OpenMageのMagentoにおける信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-25524	2026-04-27 11:23	2026-04-20	Show	GitHub Exploit DB Packet Storm

1813	4.9	警告 Network	OpenMage	Magento	OpenMageのMagentoにおける複数の脆弱性	CWE-184 CWE-22	CVE-2026-25525	2026-04-27 11:23	2026-04-20	Show	GitHub Exploit DB Packet Storm

1814	7	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	Windows Server Update Services (WSUS) の特権の昇格の脆弱性	CWE-362 CWE-416	CVE-2026-26174	2026-04-27 11:23	2026-04-14	Show	GitHub Exploit DB Packet Storm

1815	4.6	警告 Physics	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	Windows ブートマネージャーのセキュリティ機能のバイパスの脆弱性	CWE-908 初期化されていないリソースの使用	CVE-2026-26175	2026-04-27 11:23	2026-04-14	Show	GitHub Exploit DB Packet Storm

1816	7.8	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	Windows クライアント側のキャッシュドライバー (csc.sys) の特権昇格の脆弱性	CWE-122 ヒープオーバーフロー	CVE-2026-26176	2026-04-27 11:23	2026-04-14	Show	GitHub Exploit DB Packet Storm

1817	7	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	WinSock 用 Windows Ancillary Function Driver の特権の昇格の脆弱性	CWE-416 解放済みメモリの使用	CVE-2026-26177	2026-04-27 11:23	2026-04-14	Show	GitHub Exploit DB Packet Storm

1818	8.8	重要 Network	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	Windows Advanced Rasterization Platform の特権昇格の脆弱性	CWE-190 CWE-681	CVE-2026-26178	2026-04-27 11:23	2026-04-14	Show	GitHub Exploit DB Packet Storm

1819	7.8	重要 Local	マイクロソフト	Microsoft Windows 11 23h2 Microsoft Windows 11 26h1 Microsoft Windows Server 2025 Microsoft Windows 11 24h2 Microsoft Wind…	Windows カーネルの特権の昇格の脆弱性	CWE-415 二重解放	CVE-2026-26179	2026-04-27 11:23	2026-04-14	Show	GitHub Exploit DB Packet Storm

1820	7.8	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	Windows カーネルの特権の昇格の脆弱性	CWE-122 ヒープオーバーフロー	CVE-2026-26180	2026-04-27 11:23	2026-04-14	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 8, 2026, 4:54 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
931	10.0	CRITICAL Network	vm2_project	vm2	vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, SuppressedError allows attackers to escape the sandbox and run arbitrary code. This issue has been patched in version 3.11.0. Update	CWE-94 CWE-693 Code Injection Protection Mechanism Failure	CVE-2026-26332	2026-05-6 21:24	2026-05-5	Show	GitHub Exploit DB Packet Storm

932	8.8	HIGH Adjacent	dlink	dir-605l_firmware	D-Link DIR-605L Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s… Update	CWE-798 Use of Hard-coded Credentials	CVE-2026-42372	2026-05-6 21:20	2026-05-5	Show	GitHub Exploit DB Packet Storm

933	8.8	HIGH Adjacent	dlink	dir-605l_firmware	D-Link DIR-605L Hardware Revision B2 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the s… Update	CWE-798 Use of Hard-coded Credentials	CVE-2026-42373	2026-05-6 21:19	2026-05-5	Show	GitHub Exploit DB Packet Storm

934	8.8	HIGH Adjacent	dlink	dir-600l_firmware	D-Link DIR-600L Hardware Revision B1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static… Update	CWE-798 Use of Hard-coded Credentials	CVE-2026-42374	2026-05-6 21:18	2026-05-5	Show	GitHub Exploit DB Packet Storm

935	8.8	HIGH Adjacent	dlink	dir-600l_firmware	D-Link DIR-600L Hardware Revision A1 (End-of-Life) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /bin/telnetd.sh with the username "Alphanetworks" and the static… Update	CWE-798 Use of Hard-coded Credentials	CVE-2026-42375	2026-05-6 21:17	2026-05-5	Show	GitHub Exploit DB Packet Storm

936	2.7	LOW Network	-	-	HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability . A component contains a security weakness in its input handling implementation, increasing the … New	CWE-522 Insufficiently Protected Credentials	CVE-2025-62345	2026-05-6 21:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

937	8.8	HIGH Network	-	-	HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized comma… New	CWE-77 CWE-351 CWE-451 Command Injection Insufficient Type Distinction User Interface (UI) Misrepresentation of Critical Information	CVE-2025-31951	2026-05-6 21:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

938	3.1	LOW Network	-	-	HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit b… New	CWE-80 Basic XSS	CVE-2025-59854	2026-05-6 20:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

939	3.1	LOW Network	-	-	HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the appl… New	CWE-209 Information Exposure Through an Error Message	CVE-2025-59853	2026-05-6 20:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

940	3.7	LOW Network	-	-	HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise t… New	CWE-319 Cleartext Transmission of Sensitive Information	CVE-2025-59852	2026-05-6 20:16	2026-05-6	Show	GitHub Exploit DB Packet Storm