Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 13, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
209571 7.5 危険 Hahn Creative Group - Labs - WordPress 用 ReFlex Gallery プラグインの admin/scripts/FileUploader/php.php における任意の PHP コードを実行される脆弱性 CWE-Other
その他 		CVE-2015-4133 2015-06-1 17:19 2015-03-16 Show GitHub Exploit DB Packet Storm
209572 4.3 警告 Church Admin Plugin - WordPress 用 Church Admin プラグインにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-4127 2015-06-1 17:18 2015-04-21 Show GitHub Exploit DB Packet Storm
209573 4.3 警告 Free Counter - WordPress 用 Free Counter プラグインにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-4084 2015-06-1 17:18 2015-05-25 Show GitHub Exploit DB Packet Storm
209574 3.5 注意 アルバネットワークス株式会社 - Aruba Networks ClearPass Policy Manager におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-4132 2015-06-1 14:23 2015-05-28 Show GitHub Exploit DB Packet Storm
209575 4 警告 アルバネットワークス株式会社 - Aruba Networks ClearPass Policy Manager におけるディレクトリトラバーサルの脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2015-1551 2015-06-1 14:23 2015-03-25 Show GitHub Exploit DB Packet Storm
209576 9 危険 アルバネットワークス株式会社 - Aruba Networks ClearPass Policy Manager におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2015-1550 2015-06-1 14:23 2015-03-25 Show GitHub Exploit DB Packet Storm
209577 6.5 警告 アルバネットワークス株式会社 - Aruba Networks ClearPass Policy Manager における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2015-1392 2015-06-1 14:23 2015-03-25 Show GitHub Exploit DB Packet Storm
209578 9 危険 アルバネットワークス株式会社 - Aruba Networks ClearPass Policy Manager における任意のコードを実行される脆弱性 CWE-noinfo
情報不足 		CVE-2014-6628 2015-06-1 14:23 2014-09-19 Show GitHub Exploit DB Packet Storm
209579 5.8 警告 phpwind - phpwind の goto.php におけるオープンリダイレクトの脆弱性 CWE-Other
その他 		CVE-2015-4134 2015-06-1 12:07 2015-05-24 Show GitHub Exploit DB Packet Storm
209580 4.3 警告 phpwind - phpwind の goto.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-4135 2015-06-1 12:07 2015-05-24 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 13, 2026, 5:05 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1011 5.3 MEDIUM
Network 		eclipse vert.x A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accep… Update CWE-770
CWE-295
 Allocation of Resources Without Limits or Throttling
Improper Certificate Validation  		CVE-2026-6860 2026-05-12 22:42 2026-05-6 Show GitHub Exploit DB Packet Storm
1012 6.5 MEDIUM
Network 		apache cloudstack The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is e… Update CWE-359
 Exposure of Private Personal Information to an Unauthorized Actor 		CVE-2025-66171 2026-05-12 22:31 2026-05-8 Show GitHub Exploit DB Packet Storm
1013 8.1 HIGH
Network 		apache cloudstack The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is e… Update CWE-359
 Exposure of Private Personal Information to an Unauthorized Actor 		CVE-2025-66172 2026-05-12 22:30 2026-05-8 Show GitHub Exploit DB Packet Storm
1014 - - - Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow_sse:event/1 in cowlib guards… New CWE-93
CRLF Injection 		CVE-2026-43968 2026-05-12 22:17 2026-05-12 Show GitHub Exploit DB Packet Storm
1015 2.9 LOW
Local 		- - The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information. New - CVE-2026-32684 2026-05-12 20:16 2026-05-12 Show GitHub Exploit DB Packet Storm
1016 - - - Insecure generation of credentials in the local SAT (Technical Support) access functionality of the Ingecon Sun EMS Board. The vulnerability arose because the secret access credentials were not based… New CWE-327
 Use of a Broken or Risky Cryptographic Algorithm 		CVE-2026-8072 2026-05-12 19:16 2026-05-12 Show GitHub Exploit DB Packet Storm
1017 6.1 MEDIUM
Local 		- - Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the d… New CWE-674
 Uncontrolled Recursion 		CVE-2026-1681 2026-05-12 16:16 2026-05-12 Show GitHub Exploit DB Packet Storm
1018 7.1 HIGH
Network 		- - The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization flow against CSRF attacks. New CWE-352
 Origin Validation Error 		CVE-2026-45430 2026-05-12 13:16 2026-05-12 Show GitHub Exploit DB Packet Storm
1019 7.1 HIGH
Network 		- - New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an … Update CWE-345
CWE-863
CWE-1188
 Insufficient Verification of Data Authenticity
 Incorrect Authorization
 Insecure Default Initialization of Resource 		CVE-2026-41432 2026-05-12 12:16 2026-05-9 Show GitHub Exploit DB Packet Storm
1020 4.3 MEDIUM
Network 		google chrome Inappropriate implementation in Media in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) Update NVD-CWE-noinfo
CWE-346
 Origin Validation Error 		CVE-2026-7979 2026-05-12 10:16 2026-05-7 Show GitHub Exploit DB Packet Storm