Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 12, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
191691	7.8	重要 Local	GNU Project	-	GNU Binutils の Binary File Descriptor ライブラリの bfd/elf32-sh.c におけるサービス運用妨害 (DoS) の脆弱性	CWE-119 バッファエラー	CVE-2017-9744	2017-07-11 11:48	2017-06-17	Show	GitHub Exploit DB Packet Storm

191692	7.8	重要 Local	GNU Project	-	GNU Binutils の opcodes/score7-dis.c:552 の print_insn_score32 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-119 バッファエラー	CVE-2017-9743	2017-07-11 11:47	2017-06-17	Show	GitHub Exploit DB Packet Storm

191693	7.8	重要 Local	GNU Project	-	GNU Binutils の opcodes/score7-dis.c の score_opcodes 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-119 バッファエラー	CVE-2017-9742	2017-07-11 11:47	2017-06-14	Show	GitHub Exploit DB Packet Storm

191694	7.5	重要 Network	Cloud Foundry Foundation	-	複数の Cloud Foundry Foundation 製品における入力確認に関する脆弱性	CWE-20 不適切な入力確認	CVE-2017-4994	2017-07-10 18:43	2017-06-6	Show	GitHub Exploit DB Packet Storm

191695	9.8	緊急 Network	Cloud Foundry Foundation	-	複数の Cloud Foundry Foundation 製品における認可・権限・アクセス制御に関する脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2017-4992	2017-07-10 18:43	2017-05-19	Show	GitHub Exploit DB Packet Storm

191696	7.2	重要 Network	Cloud Foundry Foundation	-	複数の Cloud Foundry Foundation 製品における認可・権限・アクセス制御に関する脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2017-4991	2017-07-10 18:43	2017-05-16	Show	GitHub Exploit DB Packet Storm

191697	6.5	警告 Network	Cloud Foundry Foundation	-	複数の Cloud Foundry Foundation 製品における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2017-4974	2017-07-10 18:43	2017-05-1	Show	GitHub Exploit DB Packet Storm

191698	8.8	重要 Network	Cloud Foundry Foundation	-	複数の Cloud Foundry Foundation 製品における認可・権限・アクセス制御に関する脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2017-4973	2017-07-10 18:43	2017-04-19	Show	GitHub Exploit DB Packet Storm

191699	7.5	重要 Network	Cloud Foundry Foundation	-	複数の Cloud Foundry Foundation 製品における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2017-4972	2017-07-10 18:43	2017-04-19	Show	GitHub Exploit DB Packet Storm

191700	5.9	警告 Network	Cloud Foundry Foundation	-	Cloud Foundry Foundation cf-release および Staticfile buildpack におけるセキュリティ機能に関する脆弱性	CWE-254 セキュリティ機能	CVE-2017-4970	2017-07-10 18:43	2017-04-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 13, 2026, 5:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1001	7.7	HIGH Network	-	-	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Travel WP Travel wp-travel allows Blind SQL Injection.This issue affects WP Travel: from n/a t… New	CWE-89 SQL Injection	CVE-2026-45218	2026-05-12 23:03	2026-05-12	Show	GitHub Exploit DB Packet Storm

1002	4.8	MEDIUM Network	weblate	wlc	wlc is a Weblate command-line client using Weblate's REST API. Prior to version 2.0.0, the HTML output format in wlc embeds API response data into HTML without escaping, allowing cross-site scripting… Update	CWE-79 Cross-site Scripting	CVE-2026-42150	2026-05-12 23:00	2026-05-8	Show	GitHub Exploit DB Packet Storm

1003	3.3	LOW Network	kimai	kimai	Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use #[IsGranted('edit_team')] instead of #[IsGranted('edit', 'team')], causing Symfony TeamVoter to … Update	CWE-862 Missing Authorization	CVE-2026-41498	2026-05-12 22:59	2026-05-8	Show	GitHub Exploit DB Packet Storm

1004	6.5	MEDIUM Network	onyx	onyx	Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by provi… Update	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-42277	2026-05-12 22:58	2026-05-8	Show	GitHub Exploit DB Packet Storm

1005	5.9	MEDIUM Network	elabftw	elabftw	eLabFTW is an open source electronic lab notebook. In elabftw versions through 5.4.1, the login flow did not reliably preserve the multi-factor authentication state across authentication steps. Under… Update	CWE-302 Authentication Bypass by Assumed-Immutable Data	CVE-2026-28510	2026-05-12 22:58	2026-05-5	Show	GitHub Exploit DB Packet Storm

1006	9.1	CRITICAL Network	librenms	librenms	LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's index(), SettingsController.php's update(), and PollDevice.php's in… Update	CWE-78 OS Command	CVE-2024-51092	2026-05-12 22:50	2026-05-8	Show	GitHub Exploit DB Packet Storm

1007	7.3	HIGH Network	astrbot	astrbot	AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a JWT. Update	CWE-321 Use of Hard-coded Cryptographic Key	CVE-2025-55449	2026-05-12 22:49	2026-05-8	Show	GitHub Exploit DB Packet Storm

1008	9.1	CRITICAL Network	pfsense	pfsense	Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the post_reboot_commands property. NOTE: the Supplier disputes … Update	CWE-502 CWE-915 Deserialization of Untrusted Data Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2025-69690	2026-05-12 22:45	2026-05-8	Show	GitHub Exploit DB Packet Storm

1009	9.8	CRITICAL Network	citeum	opencti	OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploi… Update	CWE-287 Improper Authentication	CVE-2026-27960	2026-05-12 22:45	2026-05-6	Show	GitHub Exploit DB Packet Storm

1010	6.5	MEDIUM Network	gofiber	fiber	Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query str… Update	CWE-436 Interpretation Conflict	CVE-2026-30246	2026-05-12 22:44	2026-05-5	Show	GitHub Exploit DB Packet Storm