Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 9, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
203271 3.3 注意 Comcast - Comcast XFINITY Home Security の無線接続が切断されたときの処理に問題 CWE-Other
CWE-Other
CVE-2016-2398 2016-03-16 14:31 2016-01-5 Show GitHub Exploit DB Packet Storm
203272 7.5 重要
Network 		日本電気 - CLUSTERPRO X におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2016-1145 2016-03-16 14:23 2016-01-29 Show GitHub Exploit DB Packet Storm
203273 7.1 重要
Network 		株式会社コレガ - コレガ製の複数の無線 LAN ルータにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2016-1158 2016-03-16 13:45 2016-03-2 Show GitHub Exploit DB Packet Storm
203274 2.6 注意 ISC, Inc. - ISC BIND 9 Supported Preview Edition の rdataset.c におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2016-1284 2016-03-16 12:29 2016-01-26 Show GitHub Exploit DB Packet Storm
203275 6.6 警告 Google - Android のセットアップ ウィザードにおける Factory Reset Protection 保護メカニズムを回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-0813 2016-03-16 12:26 2016-02-1 Show GitHub Exploit DB Packet Storm
203276 6.6 警告 Google - Android のセットアップ ウィザードにおける Factory Reset Protection 保護メカニズムを回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-0812 2016-03-16 12:26 2016-02-1 Show GitHub Exploit DB Packet Storm
203277 7.8 危険 Google - Android の libmediaplayerservice の media/libmedia/ICrypto.cpp 関数における整数オーバーフローの脆弱性 CWE-200
情報漏えい 		CVE-2016-0811 2016-03-16 12:15 2016-02-1 Show GitHub Exploit DB Packet Storm
203278 6.9 警告 Google - Android のメディアサーバの media/libmedia/SoundPool.cpp における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-0810 2016-03-16 12:15 2016-02-1 Show GitHub Exploit DB Packet Storm
203279 8.3 危険 Google - Android の Wi-Fi の bcmdhd/wifi_hal/wifi_hal.cpp の wifi_cleanup 関数における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-0809 2016-03-16 12:15 2016-02-1 Show GitHub Exploit DB Packet Storm
203280 4.9 警告 Google - Android の Minikin ライブラリの CmapCoverage.cpp の getCoverageFormat12 関数における整数オーバーフローの脆弱性 CWE-Other
その他 		CVE-2016-0808 2016-03-16 12:15 2016-02-1 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 10, 2026, 4:58 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
81 6.8 MEDIUM
Network 		- - SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly au… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-42291 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
82 9.8 CRITICAL
Network 		gitpython_project gitpython GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)… New CWE-88
Argument Injection 		CVE-2026-42284 2026-05-9 08:16 2026-05-8 Show GitHub Exploit DB Packet Storm
83 - - - Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check th… New CWE-601
Open Redirect 		CVE-2026-42259 2026-05-9 08:16 2026-05-8 Show GitHub Exploit DB Packet Storm
84 7.6 HIGH
Network 		- - ipl/web is a set of common web components for php projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the conte… New CWE-79
Cross-site Scripting 		CVE-2026-42224 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
85 - - - pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi() cast in parse_uri(… New CWE-195
CWE-918
 Signed to Unsigned Conversion Error
Server-Side Request Forgery (SSRF)  		CVE-2026-41682 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
86 7.9 HIGH
Local 		- - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when … New CWE-200
CWE-312
Information Exposure
 Cleartext Storage of Sensitive Information 		CVE-2026-41520 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
87 7.1 HIGH
Network 		- - New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an … New CWE-345
CWE-863
CWE-1188
 Insufficient Verification of Data Authenticity
 Incorrect Authorization
 Insecure Default Initialization of Resource 		CVE-2026-41432 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
88 9.8 CRITICAL
Network 		- - ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered. New CWE-94
Code Injection 		CVE-2026-36458 2026-05-9 08:16 2026-05-8 Show GitHub Exploit DB Packet Storm
89 - - - Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service. The decimal library does not bound the exponent on parsed input. Storing a decimal … New CWE-400
 Uncontrolled Resource Consumption 		CVE-2026-32686 2026-05-9 08:16 2026-05-8 Show GitHub Exploit DB Packet Storm
90 9.8 CRITICAL
Network 		- - The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports bot… New CWE-285
Improper Authorization 		CVE-2026-30496 2026-05-9 08:16 2026-05-7 Show GitHub Exploit DB Packet Storm