Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 1, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
220351	2.1	注意	ヒューレット・パッカード	-	複数の HP 製品における権限を取得される脆弱性	CWE-noinfo 情報不足	CVE-2013-6216	2014-04-15 14:04	2013-10-21	Show	GitHub Exploit DB Packet Storm

220352	9.3	危険	BlackBerry	-	Blackberry Z10 デバイスのソフトウェアの qconnDoor におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2014-2389	2014-04-15 13:46	2014-04-8	Show	GitHub Exploit DB Packet Storm

220353	5	警告	シスコシステムズ	-	Cisco ONS 15454 コントローラカードのソフトウェアにおけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2014-2142	2014-04-15 12:26	2014-04-7	Show	GitHub Exploit DB Packet Storm

220354	5	警告	シスコシステムズ	-	Cisco ONS 15454 コントローラカードのソフトウェアにおけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2014-2140	2014-04-15 12:26	2014-04-8	Show	GitHub Exploit DB Packet Storm

220355	5	警告	シスコシステムズ	-	Cisco ONS 15454 コントローラカードのソフトウェアにおけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2014-2139	2014-04-15 12:25	2014-04-8	Show	GitHub Exploit DB Packet Storm

220356	7.5	危険	SAP	-	SAP エンタープライズポータルにおける権限を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2013-7367	2014-04-15 12:21	2013-02-21	Show	GitHub Exploit DB Packet Storm

220357	5	警告	SAP	-	SAP ソフトウェアデプロイメントマネージャにおけるサービス運用妨害 (DoS) の脆弱性	CWE-287 不適切な認証	CVE-2013-7366	2014-04-15 12:20	2013-02-21	Show	GitHub Exploit DB Packet Storm

220358	4.3	警告	SAP	-	SAP エンタープライズポータルにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-7365	2014-04-15 12:20	2013-02-21	Show	GitHub Exploit DB Packet Storm

220359	7.5	危険	SAP	-	SAP NetWeaver の J2EE エンジンの不特定の J2EE コアサービスにおける任意のファイルを読まれる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2013-7364	2014-04-15 12:19	2013-02-21	Show	GitHub Exploit DB Packet Storm

220360	7.5	危険	SAP	-	SAP Solution Manager の Diagnostics エージェントにおける重要な情報を取得される脆弱性	CWE-noinfo 情報不足	CVE-2013-7363	2014-04-15 12:19	2013-02-21	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 1, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
3061	-		-	-	The AddressRepository::getSqlQuery() method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itsel…	CWE-89 SQL Injection	CVE-2026-8827	2026-05-19 23:47	2026-05-19	Show	GitHub Exploit DB Packet Storm

3062	-		-	-	An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network (qtbase) in Qt Qt Framework (Unix) allows a local attacker to load a rogue CA certificate as a trusted syste…	CWE-427 Uncontrolled Search Path Element	CVE-2025-14575	2026-05-19 23:46	2026-05-19	Show	GitHub Exploit DB Packet Storm

3063	-		-	-	Sparx Pro Cloud Server is vulnerable to Broken Access Control within communication with the database. Due to lack of permission checks, any low privileged user can run arbitrary SQL queries within da…	CWE-863 Incorrect Authorization	CVE-2026-42096	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

3064	-		-	-	Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL qu…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-42097	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

3065	-		-	-	Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior (e…	CWE-603 Use of Client-Side Authentication	CVE-2026-42098	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

3066	-		-	-	Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves…	CWE-362 Race Condition	CVE-2026-42099	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

3067	-		-	-	Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially crafted SQL query. This causes the Pro Clou…	CWE-228 Improper Handling of Syntactically Invalid Structure	CVE-2026-42100	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

3068	3.9	LOW Local	-	-	FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. The app…	CWE-79 Cross-site Scripting	CVE-2026-27964	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

3069	6.5	MEDIUM Network	-	-	FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC meta…	CWE-200 CWE-212 Information Exposure Improper Removal of Sensitive Information Before Storage or Transfer	CVE-2026-27892	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

3070	5.3	MEDIUM Network	-	-	Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unpriv…	CWE-200 CWE-524 CWE-672 Information Exposure Use of Cache Containing Sensitive Information Operation on a Resource after Expiration or Release	CVE-2026-32244	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm