Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 30, 2026, noon

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
245481 6.8 警告 backlinkspider - BackLinkSpider における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2096 2012-06-26 16:02 2008-05-7 Show GitHub Exploit DB Packet Storm
245482 7.5 危険 actualscripts - ActualScripts ActualAnalyzer Lite の admin.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-2076 2012-06-26 16:02 2008-05-5 Show GitHub Exploit DB Packet Storm
245483 4.3 警告 astrocam - AstroCam の pic.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2075 2012-06-26 16:02 2008-05-5 Show GitHub Exploit DB Packet Storm
245484 4.3 警告 cPanel - cPanel の WHM インターフェースにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2008-2071 2012-06-26 16:02 2008-05-12 Show GitHub Exploit DB Packet Storm
245485 4.3 警告 cPanel - cPanel の WHM インターフェースにおける任意の Web スクリプトを挿入される脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2070 2012-06-26 16:02 2008-05-12 Show GitHub Exploit DB Packet Storm
245486 4.3 警告 Bitrix - Bitrix Site Manager の redirect.php におけるオープンリダイレクトの脆弱性 CWE-59
リンク解釈の問題 		CVE-2008-2052 2012-06-26 16:02 2008-05-2 Show GitHub Exploit DB Packet Storm
245487 4.3 警告 e-post corporation - E-Post Mail Server の EPSTPOP3S.EXE における重要な情報が取得される脆弱性 CWE-200
情報漏えい 		CVE-2008-2049 2012-06-26 16:02 2008-05-1 Show GitHub Exploit DB Packet Storm
245488 4.3 警告 ASP indir - Angelo-Emlak の hpz/admin/Default.asp におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2048 2012-06-26 16:02 2008-05-1 Show GitHub Exploit DB Packet Storm
245489 7.5 危険 ASP indir - Angelo-Emlak における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2047 2012-06-26 16:02 2008-05-1 Show GitHub Exploit DB Packet Storm
245490 4.3 警告 cPanel - cPanel におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2008-2043 2012-06-26 16:02 2008-05-1 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 30, 2026, 4:16 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1011 8.8 HIGH
Network 		- - Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissio… New CWE-269
 Improper Privilege Management 		CVE-2026-45716 2026-05-28 03:16 2026-05-28 Show GitHub Exploit DB Packet Storm
1012 7.7 HIGH
Network 		- - Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetch(fileUrl) directly without the IP blacklist… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-45548 2026-05-28 03:16 2026-05-28 Show GitHub Exploit DB Packet Storm
1013 8.2 HIGH
Network 		- - Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options … New CWE-73
CWE-306
CWE-434
 External Control of File Name or Path
Missing Authentication for Critical Function
 Unrestricted Upload of File with Dangerous Type  		CVE-2026-45089 2026-05-28 03:16 2026-05-28 Show GitHub Exploit DB Packet Storm
1014 7.5 HIGH
Network 		- - Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tag… New CWE-73
CWE-306
CWE-552
 External Control of File Name or Path
Missing Authentication for Critical Function
 Files or Directories Accessible to External Parties 		CVE-2026-45088 2026-05-28 03:16 2026-05-28 Show GitHub Exploit DB Packet Storm
1015 6.5 MEDIUM
Network 		- - Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This… New CWE-863
 Incorrect Authorization 		CVE-2026-45081 2026-05-28 03:16 2026-05-28 Show GitHub Exploit DB Packet Storm
1016 7.5 HIGH
Network 		- - bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&… New CWE-400
 Uncontrolled Resource Consumption 		CVE-2026-45047 2026-05-28 03:16 2026-05-28 Show GitHub Exploit DB Packet Storm
1017 8.8 HIGH
Network 		- - elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver (elFinderVolu… New CWE-89
SQL Injection 		CVE-2026-44521 2026-05-28 03:16 2026-05-28 Show GitHub Exploit DB Packet Storm
1018 9.3 CRITICAL
Network 		- - Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous global… New CWE-693
 Protection Mechanism Failure 		CVE-2026-44451 2026-05-28 03:16 2026-05-27 Show GitHub Exploit DB Packet Storm
1019 - - - Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause the victim's clien… New CWE-20
 Improper Input Validation  		CVE-2026-42553 2026-05-28 03:16 2026-05-28 Show GitHub Exploit DB Packet Storm
1020 6.2 MEDIUM
Local 		- - go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on … New CWE-674
 Uncontrolled Recursion 		CVE-2026-42328 2026-05-28 03:16 2026-05-28 Show GitHub Exploit DB Packet Storm