Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 4, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2351	5.5	警告 Local	Linux	Linux Kernel	LinuxのLinux Kernelにおける整数オーバーフローの脆弱性	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2025-39967	2026-02-5 15:46	2025-10-15	Show	GitHub Exploit DB Packet Storm

2352	6.7	警告 Local	デル	secure connect gateway	デルのsecure connect gatewayにおける不要な特権による実行に関する脆弱性	CWE-250 CWE-noinfo	CVE-2025-46696	2026-02-5 15:46	2026-01-6	Show	GitHub Exploit DB Packet Storm

2353	8.6	重要 Network	Sick	Media Server	SickのMedia Serverにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2025-49181	2026-02-5 15:46	2025-06-12	Show	GitHub Exploit DB Packet Storm

2354	9.1	緊急 Network	Node.js Foundation	Node.js	Node.js FoundationのNode.jsにおける代替名による認証回避に関する脆弱性	CWE-289 代替名による認証回避	CVE-2025-55130	2026-02-5 15:46	2026-01-20	Show	GitHub Exploit DB Packet Storm

2355	5.3	警告 Network	Node.js Foundation	Node.js	Node.js FoundationのNode.jsにおける不適切なデフォルトパーミッションに関する脆弱性	CWE-276 不適切なデフォルトパーミッション	CVE-2025-55132	2026-02-5 15:46	2026-01-20	Show	GitHub Exploit DB Packet Storm

2356	7.5	重要 Network	OwnTone project	OwnTone	OwnTone projectのOwnToneにおけるNULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2025-57155	2026-02-5 15:46	2026-01-20	Show	GitHub Exploit DB Packet Storm

2357	6.5	警告 Network	Engineering Ingegneria Informatica	knowage	Engineering Ingegneria Informaticaのknowageにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2025-58441	2026-02-5 15:46	2026-01-7	Show	GitHub Exploit DB Packet Storm

2358	8.7	重要 Network	Ultimate Fosters	Ultimate POS	Ultimate FostersのUltimate POSにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-60503	2026-02-5 15:46	2025-11-3	Show	GitHub Exploit DB Packet Storm

2359	5.3	警告 Network	The Go Project	Go	The Go ProjectのGoにおける不特定の脆弱性	CWE-noinfo 情報不足	CVE-2025-61730	2026-02-5 15:46	2026-01-28	Show	GitHub Exploit DB Packet Storm

2360	4.3	警告 Network	webinarpress	webinarpress	WordPress用webinarpressにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2025-62972	2026-02-5 15:45	2025-10-27	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 4, 2026, 4:06 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
561	6.1	MEDIUM Network	-	-	A stored cross-site scripting (XSS) vulnerability in the /api/blade-desk/notice/submit endpoint of SpringBlade v4.8.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted…	CWE-79 Cross-site Scripting	CVE-2026-36763	2026-05-1 03:16	2026-05-1	Show	GitHub Exploit DB Packet Storm

562	-		-	-	An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary fi…	-	CVE-2026-36762	2026-05-1 03:16	2026-05-1	Show	GitHub Exploit DB Packet Storm

563	6.1	MEDIUM Network	-	-	A stored cross-site scripting (XSS) vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into th…	CWE-79 Cross-site Scripting	CVE-2026-36761	2026-05-1 03:16	2026-05-1	Show	GitHub Exploit DB Packet Storm

564	9.6	CRITICAL Network	-	-	An issue in the fileMd5 parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files w…	CWE-22 Path Traversal	CVE-2026-36760	2026-05-1 03:16	2026-05-1	Show	GitHub Exploit DB Packet Storm

565	6.5	MEDIUM Network	-	-	A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-36759	2026-05-1 03:16	2026-05-1	Show	GitHub Exploit DB Packet Storm

566	4.3	MEDIUM Network	-	-	A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-36758	2026-05-1 03:16	2026-05-1	Show	GitHub Exploit DB Packet Storm

567	4.3	MEDIUM Network	-	-	A Server-Side Request Forgery (SSRF) in the /plugins/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-36757	2026-05-1 03:16	2026-05-1	Show	GitHub Exploit DB Packet Storm

568	5.4	MEDIUM Network	-	-	A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request.	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-36756	2026-05-1 03:16	2026-05-1	Show	GitHub Exploit DB Packet Storm

569	8.1	HIGH Network	-	-	An issue in Krayin CRM v.2.1.5 and fixed in v.2.1.6 allows a remote attacker to execute arbitrary code via the compose email function	CWE-94 Code Injection	CVE-2026-36340	2026-05-1 03:16	2026-05-1	Show	GitHub Exploit DB Packet Storm

570	7.5	HIGH Network	-	-	A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This…	CWE-191 Integer Underflow (Wrap or Wraparound)	CVE-2026-33845	2026-05-1 03:16	2026-05-1	Show	GitHub Exploit DB Packet Storm