Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 7, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
191891 7.8 重要
Local 		GNU Project - GNU Binutils の readelf.c におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2017-9043 2017-06-15 15:44 2017-04-21 Show GitHub Exploit DB Packet Storm
191892 6.1 警告
Network 		Invision Power Services, Inc - Invision Power Services Community Suite におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2017-8897 2017-06-15 15:42 2017-05-9 Show GitHub Exploit DB Packet Storm
191893 5.9 警告
Network 		OnePlus - OnePlus One および X デバイスにおけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2017-8851 2017-06-15 15:03 2017-05-11 Show GitHub Exploit DB Packet Storm
191894 5.9 警告
Network 		OnePlus - 複数の OnePlus One デバイスにおけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2017-8850 2017-06-15 15:03 2017-05-11 Show GitHub Exploit DB Packet Storm
191895 5.9 警告
Network 		OnePlus - 複数の OnePlus One デバイスにおけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2017-5948 2017-06-15 15:03 2017-05-11 Show GitHub Exploit DB Packet Storm
191896 7.5 重要
Network 		OnePlus - OnePlus 3T などのデバイスにおけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2016-10370 2017-06-15 15:03 2016-07-4 Show GitHub Exploit DB Packet Storm
191897 5.5 警告
Local 		MulticoreWare Inc. - MulticoreWare x265 における整数アンダーフローの脆弱性 CWE-191
整数アンダーフロー 		CVE-2017-8906 2017-06-15 14:59 2017-05-15 Show GitHub Exploit DB Packet Storm
191898 5.3 警告
Network 		Automattic Inc. - WordPress 用プラグイン WP Job Manager におけるアクセス制限不備の問題 CWE-264
認可・権限・アクセス制御 		- 2017-06-15 14:00 2017-06-15 Show GitHub Exploit DB Packet Storm
191899 8.6 重要
Network 		WordPress.org - WordPress におけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2017-9066 2017-06-15 13:29 2017-05-16 Show GitHub Exploit DB Packet Storm
191900 9.8 緊急
Network 		AutoTrace project - AutoTrace の libautotrace.a における整数オーバーフローの脆弱性 CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2017-9200 2017-06-15 11:34 2017-05-20 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
431 7.5 HIGH
Network 		- - AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but … Update CWE-121
Stack-based Buffer Overflow 		CVE-2026-42485 2026-05-6 05:24 2026-05-2 Show GitHub Exploit DB Packet Storm
432 8.4 HIGH
Local 		- - flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function. Update CWE-121
Stack-based Buffer Overflow 		CVE-2026-30363 2026-05-6 05:24 2026-05-2 Show GitHub Exploit DB Packet Storm
433 6.1 MEDIUM
Network 		- - wCMS v.1.4 is vulnerable to Cross Site Scripting (XSS) when creating a new blog. New CWE-79
Cross-site Scripting 		CVE-2026-38669 2026-05-6 05:24 2026-05-5 Show GitHub Exploit DB Packet Storm
434 - - - Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode <%= ... %> for untrusted metadata fields. In this runtime, <%= ..… New CWE-79
Cross-site Scripting 		CVE-2026-42052 2026-05-6 05:24 2026-05-5 Show GitHub Exploit DB Packet Storm
435 7.5 HIGH
Network 		- - Boundary Community Edition and Boundary Enterprise (“Boundary”) workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the w… New CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2026-7776 2026-05-6 05:24 2026-05-5 Show GitHub Exploit DB Packet Storm
436 - - - Masa CMS is an open source content management system. In versions 7.5.2 and earlier, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's processing of th… New CWE-89
SQL Injection 		CVE-2026-40329 2026-05-6 05:24 2026-05-6 Show GitHub Exploit DB Packet Storm
437 - - - Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the … New CWE-89
SQL Injection 		CVE-2026-40330 2026-05-6 05:24 2026-05-6 Show GitHub Exploit DB Packet Storm
438 - - - Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altT… New CWE-89
SQL Injection 		CVE-2026-40331 2026-05-6 05:24 2026-05-6 Show GitHub Exploit DB Packet Storm
439 4.6 MEDIUM
Network 		- - PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This… New CWE-22
Path Traversal 		CVE-2026-42078 2026-05-6 05:19 2026-05-5 Show GitHub Exploit DB Packet Storm
440 8.6 HIGH
Local 		- - PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtin… New CWE-95
Eval Injection 		CVE-2026-42079 2026-05-6 05:19 2026-05-5 Show GitHub Exploit DB Packet Storm