Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 9, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
221301	5.8	警告	Puppet	-	Puppet Enterprise のパスワードリセットページにおけるユーザパスワードを変更される脆弱性	CWE-255 証明書・パスワード管理	CVE-2013-4962	2013-10-23 10:36	2013-08-15	Show	GitHub Exploit DB Packet Storm

221302	4	警告	株式会社アイ・オー・データ機器	-	HDL-A および HDL2-A シリーズにおけるセッション管理に関する脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2013-4712	2013-10-23 09:56	2013-10-18	Show	GitHub Exploit DB Packet Storm

221303	7.5	危険	vBulletin Solutions, Inc.	-	vBulletin の install/upgrade.php スクリプトにおける管理者アカウントを作成される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2013-6129	2013-10-22 19:38	2013-08-27	Show	GitHub Exploit DB Packet Storm

221304	8.5	危険	D-Link Systems, Inc.	-	D-Link DIR-100 ルータ上で稼働する /bin/webs の RuntimeDiagnosticPing 関数におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2013-6027	2013-10-22 19:38	2013-10-17	Show	GitHub Exploit DB Packet Storm

221305	10	危険	プラネックスコミュニケーションズ株式会社 Alpha Networks D-Link Systems, Inc.	-	D-Link 製ルータなどの製品上で稼働する Web インターフェースにおける認証を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2013-6026	2013-10-22 19:37	2013-10-17	Show	GitHub Exploit DB Packet Storm

221306	4.3	警告	ウォッチガード・テクノロジー	-	WatchGuard System Manager および Extensible Threat Management Fireware におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-5702	2013-10-22 19:37	2013-10-17	Show	GitHub Exploit DB Packet Storm

221307	6.8	警告	VMware	-	VMware vCenter Server の vSphere Web Client サーバにおける Web セッションをハイジャックされる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2013-5971	2013-10-22 19:34	2013-10-17	Show	GitHub Exploit DB Packet Storm

221308	7.1	危険	VMware	-	VMware ESXi および ESX の hostd-vmdb におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2013-5970	2013-10-22 19:34	2013-10-17	Show	GitHub Exploit DB Packet Storm

221309	8.5	危険	シスコシステムズ	-	Cisco Adaptive Security Appliance ソフトウェアにおけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2013-5542	2013-10-22 19:33	2013-10-9	Show	GitHub Exploit DB Packet Storm

221310	5.8	警告	シスコシステムズ	-	Cisco Unified Computing System のファブリックインターコネクトコンポーネントにおける重要な情報を取得される脆弱性	CWE-310 暗号の問題	CVE-2012-4115	2013-10-22 19:32	2013-10-18	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 10, 2026, 4:58 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
871	-		-	-	xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) `DOMParser` and `XMLSerializer` module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior,… New	CWE-91 Blind XPath Injection	CVE-2026-41672	2026-05-8 01:16	2026-05-7	Show	GitHub Exploit DB Packet Storm

872	6.1	MEDIUM Network	-	-	Admidio is an open-source user management solution. Prior to version 5.0.9, an unauthenticated attacker can execute arbitrary JavaScript in any Admidio user's browser through a reflected XSS in syste… New	CWE-79 Cross-site Scripting	CVE-2026-41661	2026-05-8 01:16	2026-05-7	Show	GitHub Exploit DB Packet Storm

873	6.5	MEDIUM Network	-	-	Admidio is an open-source user management solution. Prior to version 5.0.9, the ecard_preview.php endpoint does not validate that the ecard_template POST parameter is a safe filename before passing i… New	CWE-22 Path Traversal	CVE-2026-41655	2026-05-8 01:16	2026-05-7	Show	GitHub Exploit DB Packet Storm

874	6.1	MEDIUM Network	-	-	fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Prior to version 5.7.0, XMLBuilder does not escape the "-->" sequence in comment content or the … New	CWE-91 Blind XPath Injection	CVE-2026-41650	2026-05-8 01:16	2026-05-8	Show	GitHub Exploit DB Packet Storm

875	4.7	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop A race condition between gether_disconnect() and eth_stop()… Update	CWE-362 Race Condition	CVE-2026-31728	2026-05-8 01:16	2026-05-2	Show	GitHub Exploit DB Packet Storm

876	-		-	-	Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This wa… New	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-41648	2026-05-8 01:16	2026-05-7	Show	GitHub Exploit DB Packet Storm

877	9.6	CRITICAL Network	-	-	Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A ma… New	CWE-22 Path Traversal	CVE-2026-41589	2026-05-8 01:16	2026-05-7	Show	GitHub Exploit DB Packet Storm

878	-		-	-	Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and … New	CWE-502 Deserialization of Untrusted Data	CVE-2026-41586	2026-05-8 01:16	2026-05-7	Show	GitHub Exploit DB Packet Storm

879	5.3	MEDIUM Network	openclaw	openclaw	OpenClaw versions 2026.4.10 before 2026.4.14 contain a missing authorization vulnerability in the Microsoft Teams SSO invoke handler that fails to apply sender allowlist checks. Attackers can bypass … Update	CWE-862 Missing Authorization	CVE-2026-43572	2026-05-8 01:03	2026-05-5	Show	GitHub Exploit DB Packet Storm

880	8.8	HIGH Network	openclaw	openclaw	OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can expl… Update	CWE-829 Inclusion of Functionality from Untrusted Control Sphere	CVE-2026-43571	2026-05-8 01:03	2026-05-5	Show	GitHub Exploit DB Packet Storm