Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 13, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
235601	7.5	危険	Nullsoft	-	Nullsoft Winamp における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2008-3441	2012-09-25 17:17	2008-08-1	Show	GitHub Exploit DB Packet Storm

235602	7.5	危険	OpenOffice.org Project	-	OOo における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2008-3437	2012-09-25 17:17	2008-08-1	Show	GitHub Exploit DB Packet Storm

235603	7.5	危険	Don Ho	-	Notepad++ の GUP 標準アップデートプロセスにおける任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2008-3436	2012-09-25 17:17	2008-08-1	Show	GitHub Exploit DB Packet Storm

235604	7.5	危険	linkedin	-	LinkedIn Browser Toolbar における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2008-3435	2012-09-25 17:17	2008-08-1	Show	GitHub Exploit DB Packet Storm

235605	6.8	警告	HTTrack	-	Httrack と WinHTTrack の URI 処理におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2008-3429	2012-09-25 17:17	2008-07-31	Show	GitHub Exploit DB Packet Storm

235606	7.5	危険	IBM	-	IBM WebSphere Portal における管理アクセス権を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-3423	2012-09-25 17:17	2008-08-3	Show	GitHub Exploit DB Packet Storm

235607	4.3	警告	Mono Project	-	Mono の ASP.net クラスライブラリにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-3422	2012-09-25 17:17	2008-07-31	Show	GitHub Exploit DB Packet Storm

235608	7.5	危険	icebb	-	IceBB の modules/members.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-3416	2012-09-25 17:17	2008-07-31	Show	GitHub Exploit DB Packet Storm

235609	6.8	警告	nazgulled	-	Ricardo Amaral nzFotolog の index.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-3405	2012-09-25 17:17	2008-07-31	Show	GitHub Exploit DB Packet Storm

235610	4.3	警告	mdsjack	-	MJGuest の guestbook.js.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-3404	2012-09-25 17:17	2008-07-31	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 14, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1121	8.0	HIGH Network	-	-	Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via `POST /providers/{provide… New	CWE-862 Missing Authorization	CVE-2026-43639	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

1122	5.4	MEDIUM Network	-	-	Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via `POST /ciphers/import-organiz… New	CWE-862 Missing Authorization	CVE-2026-43638	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

1123	-		-	-	Inbox Zero is an AI personal assistant for email. Prior to 2.29.3, the cleaner email stream endpoint used a shared Redis subscription listener, which could deliver thread events for one authenticated… New	CWE-200 Information Exposure	CVE-2026-42865	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

1124	-		-	-	Neat VNC is a VNC server library. Prior to 0.9.6, a pre-authentication stack buffer overflow exists in neatvnc in the RSA-AES security type handler. An unauthenticated remote attacker who can reach t… New	CWE-120 Classic Buffer Overflow	CVE-2026-42859	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

1125	-		-	-	Network-AI is a TypeScript/Node.js multi-agent orchestrator. Prior to 5.1.3, the MCP HTTP transport accepts JSON-RPC tools/call requests with no authentication, session, origin, or token check, and d… New	CWE-306 Missing Authentication for Critical Function	CVE-2026-42856	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

1126	8.8	HIGH Network	-	-	OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to 2.1.2, .github/workflows/pre-commit-fix.yaml uses pull_request_ta… New	CWE-94 CWE-95 Code Injection Eval Injection	CVE-2026-42603	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

1127	9.1	CRITICAL Network	-	-	auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon OAuth provider maps every authenticated Patreon account to the … Update	CWE-287 Improper Authentication	CVE-2026-42560	2026-05-12 03:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

1128	6.5	MEDIUM Network	-	-	kafka-sink-azure-kusto Kafka Connect plugin is the official Microsoft sink for Azure Data Explorer (Kusto). Prior to 5.2.3, kafka-sink-azure-kusto did not sanitize user-controlled values inside the k… New	CWE-943 Improper Neutralization of Special Elements in Data Query Logic	CVE-2026-42316	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

1129	8.1	HIGH Network	-	-	pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the set_package_data() API function call inside the data object with key "_… New	CWE-22 CWE-36 Path Traversal Absolute Path Traversal	CVE-2026-42315	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

1130	6.5	MEDIUM Network	-	-	pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, package folder names are sanitized using insufficient string replacement. The pattern ....// becomes .._ … New	CWE-22 Path Traversal	CVE-2026-42314	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm