Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 7, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
213961	5	警告	シスコシステムズ	-	ASR901 デバイス上で稼働する Cisco IOS におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2014-3293	2014-10-30 14:52	2014-10-27	Show	GitHub Exploit DB Packet Storm

213962	4.3	警告	F5 Networks	-	複数の F5 BIG-IP 製品の Configuration ユーティリティの tmui/dashboard/echo.jsp におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-4023	2014-10-30 14:40	2014-08-25	Show	GitHub Exploit DB Packet Storm

213963	7.8	危険	openarena ioquake3 tremulous	-	ioquake3 などで使用される Quake3 Arena の server/sv_main.c におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2010-5077	2014-10-30 14:20	2010-01-3	Show	GitHub Exploit DB Packet Storm

213964	7.5	危険	WordPress.org	-	WordPress の wp-links/links.all.php における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2003-1599	2014-10-30 13:51	2003-06-2	Show	GitHub Exploit DB Packet Storm

213965	4	警告	Oliver Eglseder	-	TYPO3 用 fal_sftp エクステンションにおける重要な情報を取得される脆弱性	CWE-noinfo 情報不足	CVE-2014-8327	2014-10-30 13:43	2014-09-15	Show	GitHub Exploit DB Packet Storm

213966	5	警告	FreeBSD	-	FreeBSD の routed におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2014-3955	2014-10-29 18:27	2014-10-21	Show	GitHub Exploit DB Packet Storm

213967	10	危険	FreeBSD	-	FreeBSD の rtsold におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2014-3954	2014-10-29 18:26	2014-10-21	Show	GitHub Exploit DB Packet Storm

213968	5	警告	FreeBSD	-	FreeBSD の namei におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2014-3711	2014-10-29 18:25	2014-10-21	Show	GitHub Exploit DB Packet Storm

213969	5	警告	レッドハット	-	Red Hat CloudForms Management Engine の AgentController における任意のテキストをログファイルに挿入される脆弱性	CWE-20 不適切な入力確認	CVE-2014-0136	2014-10-29 17:42	2014-08-13	Show	GitHub Exploit DB Packet Storm

213970	7.5	危険	Django Software Foundation	-	Django Tastypie のserializers.py の from_yaml メソッドにおける任意の Python コードを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2011-4104	2014-10-29 17:41	2011-11-1	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 8, 2026, 4:54 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1211	5.9	MEDIUM Network	perldancer	dancer\	Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the proce… Update	CWE-338 CWE-340 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Generation of Predictable Numbers or Identifiers	CVE-2026-5080	2026-05-5 11:54	2026-04-30	Show	GitHub Exploit DB Packet Storm

1212	5.3	MEDIUM Network	asrmicro	asr1901_firmware asr1903_firmware	NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/s… Update	CWE-476 NULL Pointer Dereference	CVE-2026-42800	2026-05-5 11:54	2026-04-30	Show	GitHub Exploit DB Packet Storm

1213	9.8	CRITICAL Network	asrmicro	asr1803_firmware	Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. This issue affects … Update	CWE-125 Out-of-bounds Read	CVE-2026-42799	2026-05-5 11:53	2026-04-30	Show	GitHub Exploit DB Packet Storm

1214	9.8	CRITICAL Network	oppo	coloros_assistant	ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal. Update	CWE-23 CWE-22 Relative Path Traversal Path Traversal	CVE-2026-22070	2026-05-5 11:53	2026-04-30	Show	GitHub Exploit DB Packet Storm

1215	7.5	HIGH Network	4d	server	Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adja… Update	CWE-611 XXE	CVE-2024-39847	2026-05-5 11:51	2026-04-30	Show	GitHub Exploit DB Packet Storm

1216	9.8	CRITICAL Network	pylixm	django-mdeditor	All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary c… Update	CWE-306 Missing Authentication for Critical Function	CVE-2025-13030	2026-05-5 11:50	2026-04-30	Show	GitHub Exploit DB Packet Storm

1217	4.8	MEDIUM Network	gnu	wget2	wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpos… Update	CWE-20 Improper Input Validation	CVE-2026-1858	2026-05-5 11:47	2026-04-30	Show	GitHub Exploit DB Packet Storm

1218	9.8	CRITICAL Network	tenda	w3002r_firmware a302_firmware w309r_firmware	Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient se… Update	CWE-290 Authentication Bypass by Spoofing	CVE-2018-25317	2026-05-5 11:46	2026-04-30	Show	GitHub Exploit DB Packet Storm

1219	8.8	HIGH Network	geovision	gv-lpc2011_firmware gv-lpc2211_firmware	An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An… New	CWE-78 OS Command	CVE-2026-42364	2026-05-5 11:45	2026-05-4	Show	GitHub Exploit DB Packet Storm

1220	6.5	MEDIUM Network	geovision	gv-lpc2011_firmware gv-lpc2211_firmware	A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker … New	CWE-522 Insufficiently Protected Credentials	CVE-2026-42367	2026-05-5 11:45	2026-05-4	Show	GitHub Exploit DB Packet Storm