Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 9, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
203191 6 警告 ABB - ABB Panel Builder 800 における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-2281 2016-03-23 10:03 2016-03-17 Show GitHub Exploit DB Packet Storm
203192 4.3 警告 XZERES Wind Corp - XZERES 442SR Wind Turbines 上で稼動する 442SR OS におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-2287 2016-03-22 18:16 2016-03-21 Show GitHub Exploit DB Packet Storm
203193 4.3 警告 Novell - Novell Filr におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-5968 2016-03-22 18:10 2015-12-11 Show GitHub Exploit DB Packet Storm
203194 4.3 警告 IBM - IBM WebSphere Application Server の OpenID Connect クライアント Web アプリケーションにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-0283 2016-03-22 18:03 2016-03-18 Show GitHub Exploit DB Packet Storm
203195 4 警告 IBM - IBM WebSphere Process Server および Business Process Manager Advanced におけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2015-7454 2016-03-22 18:03 2015-09-29 Show GitHub Exploit DB Packet Storm
203196 9 危険 IBM - IBM Tivoli NetView Access Services における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2014-9768 2016-03-22 18:03 2014-09-28 Show GitHub Exploit DB Packet Storm
203197 4 警告 DELL EMC (旧 EMC Corporation) - EMC Documentum xCP における重要なユーザアカウントのメタデータを取得される脆弱性 CWE-200
情報漏えい 		CVE-2016-0886 2016-03-22 16:14 2016-03-7 Show GitHub Exploit DB Packet Storm
203198 10 危険 Google - Android のメディアサーバの libvpx における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2016-1621 2016-03-22 15:57 2016-03-7 Show GitHub Exploit DB Packet Storm
203199 6.6 警告 Google - Android のセットアップウィザードにおける Factory Reset Protection 保護メカニズムを回避される脆弱性 CWE-264
CWE-Other
CVE-2016-0832 2016-03-22 15:57 2016-03-7 Show GitHub Exploit DB Packet Storm
203200 4.3 警告 Google - Android の Telephony の internal/telephony/PhoneSubInfoController.java における重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2016-0831 2016-03-22 15:57 2016-03-7 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 10, 2026, 4:58 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
301 7.1 HIGH
Network 		- - PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4, apps/web/src/routes/skills.ts exposes an authenticated endpoint POST /api/sk… New CWE-20
CWE-693
CWE-918
 Improper Input Validation 
 Protection Mechanism Failure
Server-Side Request Forgery (SSRF)  		CVE-2026-42261 2026-05-9 01:08 2026-05-8 Show GitHub Exploit DB Packet Storm
302 8.7 HIGH
Network 		- - zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend (davServer.Dir) restricts path traversal through lexical normalization b… New CWE-22
CWE-61
Path Traversal
 UNIX Symbolic Link (Symlink) Following 		CVE-2026-42275 2026-05-9 01:08 2026-05-8 Show GitHub Exploit DB Packet Storm
303 6.1 MEDIUM
Network 		- - In Thruk Monitoring through 2.46.3, the login field of the login form is vulnerable to reflected XSS. This vulnerability can be exploited by unauthenticated remote attackers to target users of the mo… New CWE-79
Cross-site Scripting 		CVE-2022-23961 2026-05-9 01:08 2026-05-8 Show GitHub Exploit DB Packet Storm
304 - - - yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens is the secret is not changed (by setting YETI_AUTH_SECRET_KEY to a value other than SECRET). New - CVE-2024-46508 2026-05-9 01:08 2026-05-8 Show GitHub Exploit DB Packet Storm
305 - - - LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution. New - CVE-2024-53326 2026-05-9 01:08 2026-05-8 Show GitHub Exploit DB Packet Storm
306 - - - Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a username that is both a valid SQL statement and a valid regular express… New - CVE-2023-46453 2026-05-9 01:08 2026-05-8 Show GitHub Exploit DB Packet Storm
307 3.0 LOW
Network 		- - In OpenStack Ironic through 35.x, instance_info['ks_template'] is rendered without sandboxing. New CWE-1336
 Improper Neutralization of Special Elements Used in a Template Engine 		CVE-2026-44916 2026-05-9 01:08 2026-05-8 Show GitHub Exploit DB Packet Storm
308 - - - Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.2.0, the /api/auth/login endpoint contains a logic flaw that allows unauthen… New CWE-208
 Information Exposure Through Timing Discrepancy 		CVE-2026-41161 2026-05-9 01:08 2026-05-8 Show GitHub Exploit DB Packet Storm
309 8.1 HIGH
Network 		- - Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. From versions 1.3.0 to before 1.15.14, 1.16.0-rc.1 to before 1.16.14, and 1.17.0-rc.1 to before … New CWE-22
CWE-284
Path Traversal
Improper Access Control 		CVE-2026-41491 2026-05-9 01:08 2026-05-8 Show GitHub Exploit DB Packet Storm
310 - - - CROSS implementation contains reference and optimized implementations of the CROSS post-quantum signature algorithm. Prior to commit fc6b7e7, there is a buffer overflow in crypto_sign_open() caused b… New CWE-121
CWE-122
Stack-based Buffer Overflow
Heap-based Buffer Overflow 		CVE-2026-41509 2026-05-9 01:08 2026-05-8 Show GitHub Exploit DB Packet Storm