Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 20, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
198991 7.5 重要
Network 		Tiki Software Community Association - Tiki Wiki CMS におけるシステム上で任意のファイルを読まれる脆弱性 CWE-200
情報漏えい 		CVE-2016-10143 2017-01-31 14:12 2016-11-17 Show GitHub Exploit DB Packet Storm
198992 5.9 警告
Network 		JCraft, Inc. - Windows 上で稼動する JCraft JSch におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2016-5725 2017-01-31 14:01 2016-08-30 Show GitHub Exploit DB Packet Storm
198993 8.8 重要
Local 		Firejail project - Firejail におけるサンドボックス外で任意のコマンドを実行される脆弱性 CWE-284
不適切なアクセス制御 		CVE-2016-9016 2017-01-31 13:54 2016-10-25 Show GitHub Exploit DB Packet Storm
198994 9.8 緊急
Network 		Sociomantic Labs - sociomantic-tsunami git-hub における任意のコードを実行される脆弱性 CWE-284
不適切なアクセス制御 		CVE-2016-7794 2017-01-31 13:50 2016-09-7 Show GitHub Exploit DB Packet Storm
198995 8.8 重要
Network 		Sociomantic Labs - sociomantic-tsunami git-hub における任意のコードを実行される脆弱性 CWE-284
不適切なアクセス制御 		CVE-2016-7793 2017-01-31 13:50 2016-09-7 Show GitHub Exploit DB Packet Storm
198996 4 警告
Local 		Info-ZIP - Info-Zip UnZip の list.c の list_files 関数におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2014-9913 2017-01-31 13:36 2014-11-3 Show GitHub Exploit DB Packet Storm
198997 6.1 警告
Network 		BlackBerry - BlackBerry の WatchDox サーバコンポーネントの Appliance-X および vApp における反射型クロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2017-3890 2017-01-31 12:23 2017-01-10 Show GitHub Exploit DB Packet Storm
198998 9.8 緊急
Network 		Intelliants - Subrion CMS の includes/classes/ia.core.users.php における PHP オブジェクトインジェクション攻撃を実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2017-5543 2017-01-31 11:33 2017-01-17 Show GitHub Exploit DB Packet Storm
198999 6.1 警告
Network 		Symphony CMS - Symphony CMS の template/usererror.missing_extension.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2017-5542 2017-01-31 11:31 2017-01-18 Show GitHub Exploit DB Packet Storm
199000 5.3 警告
Network 		Symphony CMS - Symphony CMS の template/usererror.missing_extension.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2017-5541 2017-01-31 11:31 2017-01-18 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 20, 2026, 4:14 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2231 - - - Gibbon versions before v30.0.01 are affected by a local file inclusion vulnerability resulting in RCE by changing the report archive directory and forcing interpretation of a user provided .zip as PH… CWE-98
 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 		CVE-2026-8208 2026-05-13 00:37 2026-05-9 Show GitHub Exploit DB Packet Storm
2232 - - - Gibbon versions before v30.0.01 are affected by a path traversal vulnerability resulting in DOS by attempting extraction of web application PHP files, failed .zip extraction results in deletion of th… CWE-23
 Relative Path Traversal 		CVE-2026-8209 2026-05-13 00:37 2026-05-9 Show GitHub Exploit DB Packet Storm
2233 - - - Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, the system API endpoint leaks license data and installed version to authenticated users. This issue has been patc… CWE-862
 Missing Authorization 		CVE-2026-42051 2026-05-13 00:37 2026-05-9 Show GitHub Exploit DB Packet Storm
2234 - - - Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, read access to site, user and role information is not gated by permissions. This issue has been patched in versio… CWE-862
 Missing Authorization 		CVE-2026-42069 2026-05-13 00:37 2026-05-9 Show GitHub Exploit DB Packet Storm
2235 - - - Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, `pages.access/list` and `files.access/list` permissions are not consistently checked in the Panel and REST API. T… CWE-862
CWE-863
 Missing Authorization
 Incorrect Authorization 		CVE-2026-42137 2026-05-13 00:37 2026-05-9 Show GitHub Exploit DB Packet Storm
2236 - - - Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, user avatar creation, replacement and deletion are not gated by user update permissions. This issue has been patc… CWE-862
 Missing Authorization 		CVE-2026-42174 2026-05-13 00:37 2026-05-9 Show GitHub Exploit DB Packet Storm
2237 6.7 MEDIUM
Network 		- - Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer to… CWE-306
Missing Authentication for Critical Function 		CVE-2026-42176 2026-05-13 00:33 2026-05-9 Show GitHub Exploit DB Packet Storm
2238 6.5 MEDIUM
Network 		- - Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42181 2026-05-13 00:31 2026-05-9 Show GitHub Exploit DB Packet Storm
2239 8.6 HIGH
Network 		- - 18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Versions prior to 3.9.3 allow an unauthenticated HTTP client to pollute Object… CWE-22
CWE-1321
Path Traversal
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2026-41690 2026-05-13 00:29 2026-05-9 Show GitHub Exploit DB Packet Storm
2240 8.2 HIGH
Network 		- - i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled ln… CWE-22
CWE-918
Path Traversal
Server-Side Request Forgery (SSRF)  		CVE-2026-42353 2026-05-13 00:29 2026-05-9 Show GitHub Exploit DB Packet Storm