Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 13, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
237341 4.3 警告 php jackknife - PHPJK におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-3001 2012-09-25 16:47 2007-06-4 Show GitHub Exploit DB Packet Storm
237342 7.5 危険 php jackknife - PHPJK における SQL インジェクションの脆弱性 - CVE-2007-3000 2012-09-25 16:47 2007-06-4 Show GitHub Exploit DB Packet Storm
237343 1.8 注意 マイクロソフト - Microsoft Windows Server 2003 におけるアカウント名を特定される脆弱性 - CVE-2007-2999 2012-09-25 16:47 2007-06-4 Show GitHub Exploit DB Packet Storm
237344 4.9 警告 ヒューレット・パッカード - OpenVMS for Integrity Servers の PAS$RTL.EXE におけるサービス運用妨害 (DoS) の脆弱性 - CVE-2007-2998 2012-09-25 16:47 2007-06-4 Show GitHub Exploit DB Packet Storm
237345 4.3 警告 omegasoft - OMEGA INSEL の OmegaMw7.asp におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-2993 2012-09-25 16:47 2007-06-4 Show GitHub Exploit DB Packet Storm
237346 7.5 危険 omegasoft - OMEGA INSEL の OmegaMw7.asp における SQL インジェクションの脆弱性 - CVE-2007-2992 2012-09-25 16:47 2007-06-4 Show GitHub Exploit DB Packet Storm
237347 7.5 危険 inoutscripts - Inout Meta Search Engine の特定の admin スクリプトにおける任意の PHP コードを挿入される脆弱性 - CVE-2007-2988 2012-09-25 16:47 2007-06-1 Show GitHub Exploit DB Packet Storm
237348 7.5 危険 nexen - AdminBot MX の lib/live_status.lib.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2007-2986 2012-09-25 16:47 2007-06-1 Show GitHub Exploit DB Packet Storm
237349 10 危険 pheap - Pheap における認証を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2007-2985 2012-09-25 16:47 2007-06-1 Show GitHub Exploit DB Packet Storm
237350 6.8 警告 media technology group - CDPass.dll におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2007-2984 2012-09-25 16:47 2007-06-1 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 14, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1211 7.5 HIGH
Network 		- - Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malici… Update CWE-770
CWE-789
 Allocation of Resources Without Limits or Throttling
 Memory Allocation with Excessive Size Value 		CVE-2026-42189 2026-05-12 01:17 2026-05-9 Show GitHub Exploit DB Packet Storm
1212 7.5 HIGH
Network 		- - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% block %} causes an infinite recursive loo… Update CWE-674
 Uncontrolled Recursion 		CVE-2026-41311 2026-05-12 01:17 2026-05-9 Show GitHub Exploit DB Packet Storm
1213 - - - Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitat… New CWE-79
Cross-site Scripting 		CVE-2026-3320 2026-05-12 01:17 2026-05-12 Show GitHub Exploit DB Packet Storm
1214 - - - Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploi… New CWE-79
Cross-site Scripting 		CVE-2026-3319 2026-05-12 01:17 2026-05-12 Show GitHub Exploit DB Packet Storm
1215 - - - Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craf… New - CVE-2026-31247 2026-05-12 01:17 2026-05-12 Show GitHub Exploit DB Packet Storm
1216 - - - GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system… New - CVE-2026-31246 2026-05-12 01:17 2026-05-12 Show GitHub Exploit DB Packet Storm
1217 6.4 MEDIUM
Adjacent 		- - Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended organizations.… New CWE-284
CWE-863
Improper Access Control
 Incorrect Authorization 		CVE-2025-9973 2026-05-12 01:17 2026-05-11 Show GitHub Exploit DB Packet Storm
1218 - - - Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-21709. Reason: This record is a duplicate of CVE-2026-21709. Notes: All CVE users should reference CVE-2026-21709 instead of this rec… New - CVE-2025-63750 2026-05-12 01:17 2026-05-12 Show GitHub Exploit DB Packet Storm
1219 8.1 HIGH
Network 		weblate weblate Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial p… Update CWE-20
CWE-918
 Improper Input Validation 
Server-Side Request Forgery (SSRF)  		CVE-2026-41654 2026-05-12 00:30 2026-05-8 Show GitHub Exploit DB Packet Storm
1220 6.5 MEDIUM
Network 		mongodb mongodb An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whe… Update CWE-476
 NULL Pointer Dereference 		CVE-2026-8063 2026-05-12 00:26 2026-05-7 Show GitHub Exploit DB Packet Storm