Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 11, 2026, 10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
201921	9.8	緊急 Network	Apache Software Foundation	-	Apache ActiveMQ のファイルサーバ Web アプリケーションにおける任意のファイルをアップロードされる脆弱性	CWE-20 不適切な入力確認	CVE-2016-3088	2016-06-3 14:29	2016-05-23	Show	GitHub Exploit DB Packet Storm

201922	7.8	重要 Local	Apache Software Foundation	-	Apache PDFBox における XML 外部エンティティ攻撃を実行される脆弱性	CWE-Other その他	CVE-2016-2175	2016-06-3 14:29	2016-04-17	Show	GitHub Exploit DB Packet Storm

201923	6.1	警告 Network	シトリックス・システムズ	-	Citrix NetScaler Gateway の vpn/js/gateway_login_form_view.js におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-4945	2016-06-3 14:16	2016-05-26	Show	GitHub Exploit DB Packet Storm

201924	7.5	重要 Network	シトリックス・システムズ	-	Citrix XenDesktop および XenApp 用 Citrix Studio における XenDesktop Delivery Controller にアクセスポリシー規則を設定される脆弱性	CWE-Other その他	CVE-2016-4810	2016-06-3 14:16	2016-05-31	Show	GitHub Exploit DB Packet Storm

201925	7.8	重要 Local	Debian GNOME Project	-	gdk-pixbuf の pixops/pixops.c の pixops_composite_nearest などの関数における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2015-8875	2016-06-3 12:17	2015-10-6	Show	GitHub Exploit DB Packet Storm

201926	6.5	警告 Network	IBM	-	IBM Security AppScan における任意のファイルを読まれる脆弱性	CWE-Other その他	CVE-2016-0288	2016-06-3 11:41	2016-05-17	Show	GitHub Exploit DB Packet Storm

201927	7	危険	サイボウズ	-	サイボウズガルーンにおける LDAP インジェクションの脆弱性	CWE-noinfo 情報不足	CVE-2015-5649	2016-06-2 19:12	2015-10-7	Show	GitHub Exploit DB Packet Storm

201928	4.3	警告 Network	Apache Software Foundation	-	Apache Cordova におけるアクセス制限不備の脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2015-5207	2016-06-2 17:49	2016-05-11	Show	GitHub Exploit DB Packet Storm

201929	9.8	緊急 Network	Sixnet	-	Sixnet BT-5xxx および BT-6xxx M2M デバイスにおけるアクセス権を取得される脆弱性	CWE-200 情報漏えい	CVE-2016-4521	2016-06-2 16:55	2016-05-26	Show	GitHub Exploit DB Packet Storm

201930	5.8	警告 Network	Moxa Inc.	-	Moxa UC-7408 LX-Plus デバイスにおけるファームウェアに書き込まれる脆弱性	CWE-Other その他	CVE-2016-4500	2016-06-2 15:00	2016-05-31	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 11, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1181	7.5	HIGH Network	-	-	When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring C…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-40981	2026-05-7 23:56	2026-05-7	Show	GitHub Exploit DB Packet Storm

1182	9.1	CRITICAL Network	-	-	Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially cra…	CWE-22 Path Traversal	CVE-2026-40982	2026-05-7 23:56	2026-05-7	Show	GitHub Exploit DB Packet Storm

1183	7.2	HIGH Local	-	-	The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use (TOCTOU) attacks. Spring …	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-41002	2026-05-7 23:56	2026-05-7	Show	GitHub Exploit DB Packet Storm

1184	4.4	MEDIUM Local	-	-	When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrad…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-41004	2026-05-7 23:56	2026-05-7	Show	GitHub Exploit DB Packet Storm

1185	4.7	MEDIUM Local	-	-	A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service.	CWE-134 Use of Externally-Controlled Format String	CVE-2026-44407	2026-05-7 23:56	2026-05-7	Show	GitHub Exploit DB Packet Storm

1186	-		-	-	Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access c…	CWE-280 Improper Handling of Insufficient Permissions or Privileges	CVE-2026-6805	2026-05-7 23:56	2026-05-7	Show	GitHub Exploit DB Packet Storm

1187	6.8	MEDIUM Network	-	-	Admidio is an open-source user management solution. Prior to version 5.0.9, the OIDC token introspection endpoint (/modules/sso/index.php/oidc/introspect) always returns {"active": true} for every re…	CWE-287 Improper Authentication	CVE-2026-41671	2026-05-7 23:54	2026-05-7	Show	GitHub Exploit DB Packet Storm

1188	-		-	-	A hidden console command is vulnerable to command injection flaw when control characters are passed to its second argument. A third party researcher Eugene Lim had discovered vulnerability in the w…	CWE-88 Argument Injection	CVE-2026-7865	2026-05-7 23:53	2026-05-6	Show	GitHub Exploit DB Packet Storm

1189	8.0	HIGH Network	-	-	A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or transfer.	CWE-212 Improper Removal of Sensitive Information Before Storage or Transfer	CVE-2024-43384	2026-05-7 23:53	2026-05-7	Show	GitHub Exploit DB Packet Storm

1190	-		-	-	A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accep…	-	CVE-2026-6860	2026-05-7 23:52	2026-05-6	Show	GitHub Exploit DB Packet Storm