Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 5, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
207631 6.5 警告 シスコシステムズ - Cisco Unified Communications Manager IM and Presence Service における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2015-4222 2015-06-29 15:47 2015-06-24 Show GitHub Exploit DB Packet Storm
207632 4 警告 シスコシステムズ - Cisco Unified Communications Manager IM and Presence Service における平文パスワードを特定される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2015-4221 2015-06-29 15:47 2015-06-24 Show GitHub Exploit DB Packet Storm
207633 4.3 警告 シスコシステムズ - Cisco Unified Presence Server におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-4220 2015-06-29 15:47 2015-06-24 Show GitHub Exploit DB Packet Storm
207634 4.3 警告 CUPS - CUPS のテンプレートエンジンの cgi-bin/template.c の cgi_puts 関数におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-1159 2015-06-29 14:35 2015-06-9 Show GitHub Exploit DB Packet Storm
207635 10 危険 CUPS - CUPS の cupsd の scheduler/ipp.c 内の add_job 関数における参照カウントの文字列のデータ破損を誘発される脆弱性 CWE-Other
CWE-Other
CVE-2015-1158 2015-06-29 14:35 2015-06-9 Show GitHub Exploit DB Packet Storm
207636 4.3 警告 Google - Google Chrome の net/http/transport_security_state.cc の DecodeHSTSPreloadRaw 関数におけるアクセス制限を回避される脆弱性 CWE-Other
その他 		CVE-2015-1269 2015-06-29 14:04 2015-06-22 Show GitHub Exploit DB Packet Storm
207637 5 警告 Google - Google Chrome で使用される Blink の bindings/scripts/v8_types.py における同一生成元ポリシーを回避される脆弱性 CWE-Other
その他 		CVE-2015-1268 2015-06-29 14:04 2015-06-22 Show GitHub Exploit DB Packet Storm
207638 5 警告 Google - Google Chrome で使用される Blink における同一生成元ポリシーを回避される脆弱性 CWE-Other
その他 		CVE-2015-1267 2015-06-29 14:04 2015-06-22 Show GitHub Exploit DB Packet Storm
207639 5 警告 Google - Google Chrome の content/browser/webui/content_web_ui_controller_factory.cc におけるアクセス制限を回避される脆弱性 CWE-Other
その他 		CVE-2015-1266 2015-06-29 14:04 2015-06-22 Show GitHub Exploit DB Packet Storm
207640 6.8 警告 OpenStack - OpenStack Cinder における任意のファイルを読まれる脆弱性 CWE-200
情報漏えい 		CVE-2015-1851 2015-06-29 12:15 2015-06-23 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 6, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
61 - - - An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but `SESSION_SAVE_EVERY_REQUEST` is `True`. A remote attacker … New CWE-539
 Use of Persistent Cookies Containing Sensitive Information 		CVE-2026-35192 2026-05-6 01:16 2026-05-6 Show GitHub Exploit DB Packet Storm
62 6.1 MEDIUM
Local 		- - A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit … New CWE-805
 Buffer Access with Incorrect Length Value 		CVE-2026-34002 2026-05-6 01:16 2026-05-6 Show GitHub Exploit DB Packet Storm
63 6.1 MEDIUM
Local 		- - A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an at… New CWE-125
Out-of-bounds Read 		CVE-2026-34000 2026-05-6 01:16 2026-05-6 Show GitHub Exploit DB Packet Storm
64 - - - Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Trans… New CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2026-32689 2026-05-6 01:16 2026-05-6 Show GitHub Exploit DB Packet Storm
65 - - - The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing aut… New - CVE-2026-31196 2026-05-6 01:16 2026-05-6 Show GitHub Exploit DB Packet Storm
66 - - - The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authentic… New - CVE-2026-31195 2026-05-6 01:16 2026-05-6 Show GitHub Exploit DB Packet Storm
67 6.5 MEDIUM
Network 		- - Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query str… New CWE-436
 Interpretation Conflict 		CVE-2026-30246 2026-05-6 01:16 2026-05-5 Show GitHub Exploit DB Packet Storm
68 5.4 MEDIUM
Network 		- - Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver n… New CWE-79
Cross-site Scripting 		CVE-2026-27694 2026-05-6 01:16 2026-05-5 Show GitHub Exploit DB Packet Storm
69 9.8 CRITICAL
Network 		- - Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file… New CWE-122
Heap-based Buffer Overflow 		CVE-2025-70067 2026-05-6 01:16 2026-05-4 Show GitHub Exploit DB Packet Storm
70 8.1 HIGH
Network 		- - IKUS Rdiffweb before 2.10.5 has an improper authorization flaw that allows an attacker with any valid or stolen access token to act as other users. The API does not enforce binding between the authen… New CWE-284
Improper Access Control 		CVE-2025-67796 2026-05-6 01:16 2026-05-5 Show GitHub Exploit DB Packet Storm