Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 23, 2026, 2 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
190561 8.8 重要
Network 		ZTE - ZTE ADSL ZXV10 W300 モデムにおける証明書・パスワードの管理に関する脆弱性 CWE-255
証明書・パスワード管理 		CVE-2015-7258 2017-09-20 11:35 2015-11-14 Show GitHub Exploit DB Packet Storm
190562 7.8 重要
Local 		LXDM project - LXDM における認証に関する脆弱性 CWE-287
不適切な認証 		CVE-2015-8308 2017-09-20 10:56 2015-11-23 Show GitHub Exploit DB Packet Storm
190563 7.5 重要
Network 		ONOS project - ONOS における NULL ポインタデリファレンスに関する脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2015-7516 2017-09-20 10:56 2015-11-24 Show GitHub Exploit DB Packet Storm
190564 5.5 警告
Local 		レッドハット - RHEV における情報漏えいに関する脆弱性 CWE-200
情報漏えい 		CVE-2016-6310 2017-09-20 10:16 2016-08-26 Show GitHub Exploit DB Packet Storm
190565 5.3 警告
Network 		レッドハット - Red Hat JBoss Enterprise Application Platform における情報漏えいに関する脆弱性 CWE-200
情報漏えい 		CVE-2016-6311 2017-09-20 10:16 2016-08-2 Show GitHub Exploit DB Packet Storm
190566 7 重要
Local 		Canonical - Ubuntu の Apport における競合状態に関する脆弱性 CWE-362
競合状態 		CVE-2015-1325 2017-09-20 10:06 2015-05-21 Show GitHub Exploit DB Packet Storm
190567 7.8 重要
Local 		Canonical - Ubuntu の Apport における認可・権限・アクセス制御に関する脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2015-1324 2017-09-20 10:06 2015-05-21 Show GitHub Exploit DB Packet Storm
190568 5.3 警告
Network 		日立
オラクル		 - 複数の Oracle Java 製品における Serialization に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2017-10108 2017-09-20 09:18 2017-07-18 Show GitHub Exploit DB Packet Storm
190569 5.3 警告
Network 		日立
オラクル		 - 複数の Oracle Java 製品における 2D に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2017-10053 2017-09-20 09:16 2017-07-18 Show GitHub Exploit DB Packet Storm
190570 5.9 警告
Network 		日立
オラクル		 - 複数の Oracle Java 製品における JCE に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2017-10135 2017-09-20 09:10 2017-07-18 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 23, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
81 - - - Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanitize $height. Any user with editor privileges can inject malicious JavaScript that execute… New CWE-79
Cross-site Scripting 		CVE-2026-8203 2026-05-22 06:16 2026-05-22 Show GitHub Exploit DB Packet Storm
82 - - - Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize template renders the integration name (admin-controlled) through Concrete's t() translation he… New CWE-79
Cross-site Scripting 		CVE-2026-8197 2026-05-22 06:16 2026-05-22 Show GitHub Exploit DB Packet Storm
83 - - - Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/download/<remoteId>. The download() method in concrete/controllers/single_page/dash… New CWE-352
 Origin Validation Error 		CVE-2026-8140 2026-05-22 06:16 2026-05-22 Show GitHub Exploit DB Packet Storm
84 - - - Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. An rogue administrator with privileges to add … New CWE-502
 Deserialization of Untrusted Data 		CVE-2026-8135 2026-05-22 06:16 2026-05-22 Show GitHub Exploit DB Packet Storm
85 - - - Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue a… New CWE-23
CWE-98
CWE-434
 Relative Path Traversal
 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
 Unrestricted Upload of File with Dangerous Type  		CVE-2026-8134 2026-05-22 06:16 2026-05-22 Show GitHub Exploit DB Packet Storm
86 - - - Concrete CMS 9.5.0 and below  is vulnerable to unauthenticated file usage disclosure via missing permission check in the usage controller.  Any unauthenticated visitor can request /ccm/system/dialogs… New CWE-200
Information Exposure 		CVE-2026-6826 2026-05-22 06:16 2026-05-22 Show GitHub Exploit DB Packet Storm
87 8.8 HIGH
Network 		- - LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restri… New CWE-863
 Incorrect Authorization 		CVE-2026-47102 2026-05-22 06:16 2026-05-22 Show GitHub Exploit DB Packet Storm
88 8.8 HIGH
Network 		- - LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored with… New CWE-863
 Incorrect Authorization 		CVE-2026-47101 2026-05-22 06:16 2026-05-22 Show GitHub Exploit DB Packet Storm
89 8.8 HIGH
Network 		- - IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands by supplying malicious mpv_-prefixed query parameters through the… New CWE-88
Argument Injection 		CVE-2026-47114 2026-05-22 06:03 2026-05-22 Show GitHub Exploit DB Packet Storm
90 4.3 MEDIUM
Network 		- - The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process_ajax_restore_action() function in all versions up to, and … New CWE-862
 Missing Authorization 		CVE-2026-4843 2026-05-22 06:03 2026-05-22 Show GitHub Exploit DB Packet Storm