Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 8, 2026, noon

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
197741	9.8	緊急 Network	dotCMS	-	dotCMS の REST API における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2016-2355	2017-01-4 10:33	2016-04-12	Show	GitHub Exploit DB Packet Storm

197742	6.5	警告 Network	Canonical Apport project	-	Apport の悪意のある Apport クラッシュファイルの "RespawnCommand" または "ProcCmdline" フィールドにおける restart コマンドを実行される脆弱性	CWE-284 不適切なアクセス制御	CVE-2016-9951	2016-12-28 11:59	2016-12-14	Show	GitHub Exploit DB Packet Storm

197743	7.8	重要 Local	NVIDIA	-	NVIDIA の Windows GPU ディスプレイドライバの DxgDdiEscape 用カーネルモードレイヤのハンドラにおけるサービス運用妨害 (DoS) の脆弱性	CWE-119 バッファエラー	CVE-2016-8825	2016-12-28 11:58	2016-12-14	Show	GitHub Exploit DB Packet Storm

197744	7.8	重要 Local	NVIDIA	-	NVIDIA の Windows GPU ディスプレイドライバの DxgDdiEscape 用カーネルモードレイヤのハンドラにおける特権ユーザ専用のレジストリの一部に書き込まれる脆弱性	CWE-284 不適切なアクセス制御	CVE-2016-8824	2016-12-28 11:58	2016-12-14	Show	GitHub Exploit DB Packet Storm

197745	7.8	重要 Local	NVIDIA	-	NVIDIA の Windows GPU ディスプレイドライバの DxgDdiEscape 用カーネルモードレイヤのハンドラにおけるサービス運用妨害 (DoS) の脆弱性	CWE-119 バッファエラー	CVE-2016-8823	2016-12-28 11:58	2016-12-14	Show	GitHub Exploit DB Packet Storm

197746	7.8	重要 Local	NVIDIA	-	NVIDIA の Windows GPU ディスプレイドライバの DxgDdiEscape 用カーネルモードレイヤのハンドラにおける任意の物理メモリにアクセスされる脆弱性	CWE-284 不適切なアクセス制御	CVE-2016-8821	2016-12-28 11:58	2016-12-14	Show	GitHub Exploit DB Packet Storm

197747	7.8	重要 Local	Canonical Apport project	-	Apport のクラッシュファイルの "Package" および "SourcePackage" フィールドにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2016-9950	2016-12-28 11:47	2016-12-14	Show	GitHub Exploit DB Packet Storm

197748	7.8	重要 Local	Canonical Apport project	-	Apport の apport/ui.py における任意の Python コードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2016-9949	2016-12-28 11:47	2016-12-14	Show	GitHub Exploit DB Packet Storm

197749	7.4	重要 Network	Pivotal Software, Inc.	-	Pivotal Cloud Foundry Elastic Runtime コンポーネントにおけるオープンリダイレクトの脆弱性	CWE-601 オープンリダイレクト	CVE-2016-6657	2016-12-28 11:47	2016-11-7	Show	GitHub Exploit DB Packet Storm

197750	7.2	重要 Network	Pivotal Software, Inc.	-	Pivotal Greenplum におけるシステムに任意のコマンドを挿入される脆弱性	CWE-77 コマンドインジェクション	CVE-2016-6656	2016-12-28 11:47	2016-12-16	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 8, 2026, 4:54 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
221	9.8	CRITICAL Network	-	-	ERPNext v15.103.1 and before is vulnerable to Server-Side Template Injection (SSTI). An attacker with permission to create or edit email templates can inject template expressions that are executed on… New	CWE-94 Code Injection	CVE-2026-38431	2026-05-8 00:15	2026-05-6	Show	GitHub Exploit DB Packet Storm

222	6.1	MEDIUM Network	-	-	ERPNext v15.103.1 and before is vulnerable to Cross Site Scripting (XSS) in the Email Template engine. An attacker with permission to create or edit email templates can inject malicious JavaScript co… New	CWE-79 Cross-site Scripting	CVE-2026-38432	2026-05-8 00:15	2026-05-6	Show	GitHub Exploit DB Packet Storm

223	-		-	-	Vaultwarden is a Bitwarden-compatible server written in Rust. In versions 1.35.4 and earlier, the WebAuthn authentication flow in `validate_webauthn_login()` updates persistent credential metadata (1… New	CWE-345 Insufficient Verification of Data Authenticity	CVE-2026-31835	2026-05-8 00:15	2026-05-6	Show	GitHub Exploit DB Packet Storm

224	-		-	-	Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink followin… New	CWE-61 UNIX Symbolic Link (Symlink) Following	CVE-2026-31893	2026-05-8 00:15	2026-05-6	Show	GitHub Exploit DB Packet Storm

225	-		-	-	SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided que… New	CWE-89 SQL Injection	CVE-2026-33324	2026-05-8 00:15	2026-05-6	Show	GitHub Exploit DB Packet Storm

226	-		-	-	Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details endpoint (GET /api/organizations/{org_id}/collections/details) is missing … New	CWE-862 Missing Authorization	CVE-2026-33420	2026-05-8 00:15	2026-05-6	Show	GitHub Exploit DB Packet Storm

227	-		-	-	PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when t… New	CWE-502 CWE-918 Deserialization of Untrusted Data Server-Side Request Forgery (SSRF)	CVE-2026-34084	2026-05-8 00:15	2026-05-6	Show	GitHub Exploit DB Packet Storm

228	-		-	-	PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.3 and earlier, 2.0.0 through 2.1.15, 2.2.0 through 2.4.4, 3.3.0 through 3.10.4, and 4.0.0 through 5.6.0, the HT… New	CWE-79 Cross-site Scripting	CVE-2026-35453	2026-05-8 00:15	2026-05-6	Show	GitHub Exploit DB Packet Storm

229	8.8	HIGH Network	-	-	A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System Setting permissions can execute arbitrary commands on the server b… New	CWE-94 Code Injection	CVE-2026-7841	2026-05-8 00:15	2026-05-6	Show	GitHub Exploit DB Packet Storm

230	7.5	HIGH Network	-	-	Unauthenticated DoS in ZTE H8102E, H168N, H167A, H199A, H288A, H198A, H267A, H267N, H268A, H388X, H196A, H369A, H268N, H208N, H367N, H181A, and H196Q. A denial-of-service condition can be triggered a… New	CWE-400 Uncontrolled Resource Consumption	CVE-2026-34473	2026-05-8 00:15	2026-05-7	Show	GitHub Exploit DB Packet Storm