Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 6, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
202941 7.2 危険 マイクロソフト - 複数の Microsoft Windows 製品における権限昇格の脆弱性 CWE-Other
その他 		CVE-2016-0042 2016-02-17 13:57 2016-02-9 Show GitHub Exploit DB Packet Storm
202942 9.3 危険 マイクロソフト - 複数の Microsoft Windows 製品の Windows Journal における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2016-0038 2016-02-17 12:10 2016-02-9 Show GitHub Exploit DB Packet Storm
202943 7.2 危険 マイクロソフト - 複数の Microsoft Windows 製品のカーネルにおける権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-0040 2016-02-17 12:10 2016-02-9 Show GitHub Exploit DB Packet Storm
202944 7.2 危険 マイクロソフト - 複数の Microsoft Windows 製品のカーネルモードドライバにおける権限昇格の脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-0048 2016-02-17 11:16 2016-02-9 Show GitHub Exploit DB Packet Storm
202945 7.2 危険 マイクロソフト - 複数の Microsoft Windows 製品のリモートデスクトッププロトコルの実装における任意のコードを実行される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-0036 2016-02-17 11:16 2016-02-9 Show GitHub Exploit DB Packet Storm
202946 5 警告 マイクロソフト - Microsoft .NET Framework におけるサービス運用妨害 (DoS) の脆弱性 CWE-94
コード・インジェクション 		CVE-2016-0033 2016-02-17 11:16 2016-02-9 Show GitHub Exploit DB Packet Storm
202947 4.3 警告 マイクロソフト - Microsoft SharePoint Foundation 2013 の SharePoint Server におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-0039 2016-02-17 11:10 2016-02-9 Show GitHub Exploit DB Packet Storm
202948 9.3 危険 マイクロソフト - 複数の Microsoft Office 製品におけるクロスサイトスクリプティングの脆弱性 CWE-119
バッファエラー 		CVE-2016-0022 2016-02-17 11:04 2016-02-9 Show GitHub Exploit DB Packet Storm
202949 7.2 危険 マイクロソフト - 複数の Microsoft 製品における権限昇格の脆弱性 CWE-Other
その他 		CVE-2016-0041 2016-02-17 10:57 2016-02-9 Show GitHub Exploit DB Packet Storm
202950 5 警告 マイクロソフト - Microsoft Windows Server 2008 および 2012 のネットワーク ポリシー サーバーにおけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2016-0050 2016-02-17 10:39 2016-02-9 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 6, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1 9.8 CRITICAL
Network 		- - A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time… New CWE-119
CWE-120
Incorrect Access of Indexable Resource ('Range Error') 
Classic Buffer Overflow 		CVE-2026-7853 2026-05-6 03:16 2026-05-6 Show GitHub Exploit DB Packet Storm
2 7.2 HIGH
Network 		- - A vulnerability was identified in D-Link DI-8100 16.07.26A1. This affects the function sprintf of the file yyxz.asp. The manipulation of the argument ID leads to stack-based buffer overflow. The atta… New CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error') 
Stack-based Buffer Overflow 		CVE-2026-7851 2026-05-6 03:16 2026-05-6 Show GitHub Exploit DB Packet Storm
3 - - - An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend. … Update CWE-89
SQL Injection 		CVE-2026-5394 2026-05-6 03:16 2026-04-28 Show GitHub Exploit DB Packet Storm
4 5.3 MEDIUM
Network 		- - An issue was discovered in OpenStack Horizon 25.6 and 25.7 before 25.7.3. There is a write operation to the session storage backend before authentication and thus storage can be exhausted by unauthen… New CWE-696
 Incorrect Behavior Order 		CVE-2026-43002 2026-05-6 03:16 2026-05-6 Show GitHub Exploit DB Packet Storm
5 9.1 CRITICAL
Network 		- - The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint. New CWE-78
CWE-306
OS Command 
Missing Authentication for Critical Function 		CVE-2026-36356 2026-05-6 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
6 7.7 HIGH
Local 		- - The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access control checks on the write_mem (ioctl 0x89F5) and read_mem (ioct… New CWE-200
CWE-782
CWE-787
Information Exposure
 Exposed IOCTL with Insufficient Access Control
 Out-of-bounds Write 		CVE-2026-36355 2026-05-6 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
7 9.8 CRITICAL
Network 		synway smg_gateway_management_software Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and in… Update CWE-78
OS Command  		CVE-2025-71284 2026-05-6 03:09 2026-05-1 Show GitHub Exploit DB Packet Storm
8 8.0 HIGH
Network 		jenkins html_publisher Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with… Update CWE-79
Cross-site Scripting 		CVE-2026-42524 2026-05-6 03:06 2026-04-29 Show GitHub Exploit DB Packet Storm
9 9.0 CRITICAL
Network 		jenkins github Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a… Update CWE-79
Cross-site Scripting 		CVE-2026-42523 2026-05-6 03:06 2026-04-29 Show GitHub Exploit DB Packet Storm
10 5.9 MEDIUM
Network 		elastic elastic_package_registry Improper Verification of Cryptographic Signature (CWE-347) in Elastic Package Registry could allow an attacker positioned to intercept network traffic, or to otherwise influence the contents served t… Update CWE-347
 Improper Verification of Cryptographic Signature 		CVE-2026-33467 2026-05-6 02:55 2026-04-29 Show GitHub Exploit DB Packet Storm