Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 30, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
205661	6.1	警告 Network	株式会社ヒニアラタ	-	baserCMS 用プラグイン「メニューブックプラグイン」におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-1169	2016-04-8 16:48	2016-04-6	Show	GitHub Exploit DB Packet Storm

205662	4.3	警告 Network	株式会社ヒニアラタ	-	baserCMS 用プラグイン「求人情報プラグイン」におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2016-1170	2016-04-8 16:48	2016-04-6	Show	GitHub Exploit DB Packet Storm

205663	6.1	警告 Network	株式会社ヒニアラタ	-	baserCMS 用プラグイン「求人情報プラグイン」におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-1169	2016-04-8 16:48	2016-04-6	Show	GitHub Exploit DB Packet Storm

205664	7.5	重要 Network	Eaton	-	Eaton Lighting EG2 Web Control における脆弱性	CWE-Other その他	CVE-2016-2272	2016-04-8 15:48	2016-04-5	Show	GitHub Exploit DB Packet Storm

205665	7.5	重要 Network	Eaton	-	Eaton Lighting EG2 Web Control における設定ファイルを読まれる脆弱性	CWE-200 情報漏えい	CVE-2016-0871	2016-04-8 15:48	2016-04-5	Show	GitHub Exploit DB Packet Storm

205666	9.8	緊急 Network	シスコシステムズ	-	Cisco UCS Invicta C3124SA アプライアンスなどの製品における root のアクセス権を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2016-1313	2016-04-8 15:16	2016-04-6	Show	GitHub Exploit DB Packet Storm

205667	9.8	緊急 Network	シスコシステムズ	-	Cisco Prime Infrastructure および Evolved Programmable Network Manager における任意のコードを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2016-1291	2016-04-8 15:16	2016-04-6	Show	GitHub Exploit DB Packet Storm

205668	8.1	重要 Network	シスコシステムズ	-	Cisco Prime Infrastructure および Evolved Programmable Network Manager の Web API における RBAC 制限を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2016-1290	2016-04-8 15:16	2016-04-6	Show	GitHub Exploit DB Packet Storm

205669	5.9	警告 Network	シスコシステムズ	-	Cisco Mobility Services Engine 8710 デバイス上で稼動する TelePresence Server のカーネルにおけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2016-1346	2016-04-8 15:14	2016-04-6	Show	GitHub Exploit DB Packet Storm

205670	7.5	重要 Network	シスコシステムズ	-	複数のデバイス上で稼動する Cisco TelePresence Server におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2015-6313	2016-04-8 15:14	2015-08-17	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 30, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
331	-		-	-	electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and no MAC leads to confid… New	CWE-326 CWE-329 CWE-353 CWE-759 CWE-916 Inadequate Encryption Strength Not Using a Random IV with CBC Mode Missing Support for Integrity Check Use of a One-Way Hash without a Salt Use of Password Hash With Insufficient Computational Effort	CVE-2026-45787	2026-05-30 00:34	2026-05-29	Show	GitHub Exploit DB Packet Storm

332	6.1	MEDIUM Network	golang	net	Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML befo… Update	CWE-1021 Improper Restriction of Rendered UI Layers or Frames	CVE-2026-25681	2026-05-30 00:30	2026-05-23	Show	GitHub Exploit DB Packet Storm

333	7.5	HIGH Network	-	-	Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass use… New	CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine	CVE-2026-44209	2026-05-30 00:29	2026-05-27	Show	GitHub Exploit DB Packet Storm

334	5.4	MEDIUM Network	-	-	FacturaScripts is an open source accounting and invoicing software. In 2025.92 and earlier, a stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales (Core/Lib/Aja… New	CWE-79 Cross-site Scripting	CVE-2026-42877	2026-05-30 00:29	2026-05-28	Show	GitHub Exploit DB Packet Storm

335	-		-	-	Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devi… New	CWE-89 SQL Injection	CVE-2026-44886	2026-05-30 00:29	2026-05-28	Show	GitHub Exploit DB Packet Storm

336	9.8	CRITICAL Network	-	-	Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's web-based configuration editor allows arbitrary Python code to be injected into pialert.conf. S… New	CWE-94 Code Injection	CVE-2026-44887	2026-05-30 00:29	2026-05-28	Show	GitHub Exploit DB Packet Storm

337	9.8	CRITICAL Network	-	-	Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. Prior to 2026-05-07, Pi.Alert's SaveConfigFile() endpoint writes user-supplied numeric config values (e.g., SMTP_PORT) directly… New	CWE-94 Code Injection	CVE-2026-44888	2026-05-30 00:29	2026-05-28	Show	GitHub Exploit DB Packet Storm

338	-		-	-	OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to 2.0.4, a critical authentication vulnerability was identified in OpenLearnX that could allow unauthorized access… New	CWE-287 CWE-347 Improper Authentication Improper Verification of Cryptographic Signature	CVE-2026-44720	2026-05-30 00:29	2026-05-28	Show	GitHub Exploit DB Packet Storm

339	9.8	CRITICAL Network	-	-	The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted … New	CWE-306 Missing Authentication for Critical Function	CVE-2026-45083	2026-05-30 00:29	2026-05-28	Show	GitHub Exploit DB Packet Storm

340	-		-	-	Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the r… New	CWE-113 CWE-790 HTTP Response Splitting	CVE-2026-9658	2026-05-30 00:29	2026-05-28	Show	GitHub Exploit DB Packet Storm