Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 10, 2026, 10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
209001	6.5	警告	NewStatPress project	-	WordPress 用 NewStatPress プラグインの includes/nsp_search.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2015-4062	2015-05-29 14:14	2015-05-20	Show	GitHub Exploit DB Packet Storm

209002	3.5	注意	NewStatPress project	-	WordPress 用 NewStatPress プラグインの includes/nsp_search.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-4063	2015-05-29 14:14	2015-05-20	Show	GitHub Exploit DB Packet Storm

209003	4.3	警告	アルバネットワークス株式会社	-	Aruba Networks ClearPass Policy Manager におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-1389	2015-05-29 14:11	2015-03-25	Show	GitHub Exploit DB Packet Storm

209004	6.8	警告	オープンCADフォーマット評議会	-	SXF 共通ライブラリにおけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2015-2946	2015-05-28 18:13	2015-05-22	Show	GitHub Exploit DB Packet Storm

209005	7.5	危険	Bomgar Corporation	-	Bomgar Remote Support に信頼していないデータをデシリアライズする脆弱性	CWE-94 CWE-Other	CVE-2015-0935	2015-05-28 18:09	2015-05-5	Show	GitHub Exploit DB Packet Storm

209006	7.5	危険	藤本壱	-	mt-phpincgi において任意の PHP コードが実行可能な脆弱性	CWE-94 コード・インジェクション	CVE-2015-2945	2015-05-28 18:05	2015-05-20	Show	GitHub Exploit DB Packet Storm

209007	10	危険	マイクロソフト	-	複数の Microsoft 製品の OLE における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2014-6332	2015-05-28 17:32	2014-11-11	Show	GitHub Exploit DB Packet Storm

209008	4.3	警告	The phpMyAdmin Project	-	phpMyAdmin の libraries/Config.class.php におけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2015-3903	2015-05-28 17:01	2015-05-13	Show	GitHub Exploit DB Packet Storm

209009	6.8	警告	The phpMyAdmin Project	-	phpMyAdmin の設定処理におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2015-3902	2015-05-28 17:01	2015-05-13	Show	GitHub Exploit DB Packet Storm

209010	5	警告	Wireshark	-	Wireshark の Android Logcat ファイルパーサの wiretap/logcat.c 内の logcat_dump_text 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-119 バッファエラー	CVE-2015-3906	2015-05-28 16:44	2015-05-12	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 10, 2026, 4:58 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
861	3.5	LOW Network	hcltech	bigfix_service_management	HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. This could lead to confidentiality and privacy risks if sensitive location information is unintentio… Update	CWE-1230 Exposure of Sensitive Information Through Metadata	CVE-2025-31959	2026-05-8 01:35	2026-05-7	Show	GitHub Exploit DB Packet Storm

862	5.3	MEDIUM Network	hcltech	bigfix_service_management	HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. Exposed server banners may reveal software versions and system details, potentially a… Update	CWE-200 Information Exposure	CVE-2025-31975	2026-05-8 01:33	2026-05-7	Show	GitHub Exploit DB Packet Storm

863	7.5	HIGH Network	hcltech	bigfix_service_management	HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials for a short duration while communicating with a backend, internal application which could allow an attacker to… Update	CWE-200 CWE-522 Information Exposure Insufficiently Protected Credentials	CVE-2025-31976	2026-05-8 01:30	2026-05-7	Show	GitHub Exploit DB Packet Storm

864	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe ("usb: gadget: uvc: allow for application t… Update	CWE-476 NULL Pointer Dereference	CVE-2026-31726	2026-05-8 01:26	2026-05-2	Show	GitHub Exploit DB Packet Storm

865	4.6	MEDIUM Network	hcltech	bigfix_service_management	HCL BigFix Service Management (SM) does not adequately sanitize or safely render spreadsheet files (CSV, XLS, XLSX) before processing or distributing them. An attacker could populate data fields whic… Update	CWE-201 Insertion of Sensitive Information Into Sent Data	CVE-2025-31978	2026-05-8 01:26	2026-05-7	Show	GitHub Exploit DB Packet Storm

866	5.4	MEDIUM Network	hcltech	bigfix_service_management	HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header. This could allow browsers to perform MIME-type sniffing, p… Update	CWE-200 Information Exposure	CVE-2025-31984	2026-05-8 01:25	2026-05-7	Show	GitHub Exploit DB Packet Storm

867	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo Commit ec35c1969650 ("usb: gadget: f_ncm: Fix net_device lifecycl… Update	CWE-476 NULL Pointer Dereference	CVE-2026-31727	2026-05-8 01:20	2026-05-2	Show	GitHub Exploit DB Packet Storm

868	6.8	MEDIUM Network	-	-	Admidio is an open-source user management solution. Prior to version 5.0.9, the incomplete SSRF fix in Admidio's fetch_metadata.php validates the resolved IP address but passes the original hostname-… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-42194	2026-05-8 01:16	2026-05-7	Show	GitHub Exploit DB Packet Storm

869	6.0	MEDIUM Network	-	-	Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the webhook notification feature reuses an administrator-configured local-target allowlist for ever… New	CWE-863 CWE-918 Incorrect Authorization Server-Side Request Forgery (SSRF)	CVE-2026-41689	2026-05-8 01:16	2026-05-8	Show	GitHub Exploit DB Packet Storm

870	4.3	MEDIUM Network	-	-	Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.8.1, the SSRF protection in endpoints/subscription/add.php (line 42) and endpoints/payments/add.php (line 40)… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-41687	2026-05-8 01:16	2026-05-8	Show	GitHub Exploit DB Packet Storm