Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 31, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
245601	7.5	危険	arnos toolbox WordPress.org	-	WordPress の WP-Download プラグインにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-1646	2012-06-26 16:02	2008-04-2	Show	GitHub Exploit DB Packet Storm

245602	7.5	危険	efestech	-	EfesTECH Video の default.asp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-1641	2012-06-26 16:02	2008-04-2	Show	GitHub Exploit DB Packet Storm

245603	7.5	危険	emedia office gmbh	-	CuteFlow における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-1632	2012-06-26 16:02	2008-04-2	Show	GitHub Exploit DB Packet Storm

245604	7.5	危険	emedia office gmbh	-	CuteFlow の login.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-1631	2012-06-26 16:02	2008-04-2	Show	GitHub Exploit DB Packet Storm

245605	4.3	警告	emedia office gmbh	-	CuteFlow におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1630	2012-06-26 16:02	2008-04-2	Show	GitHub Exploit DB Packet Storm

245606	3.5	注意	cds software consortium	-	CDS Invenio における任意のユーザの電子メール通知アラートを削除される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-1627	2012-06-26 16:02	2008-04-2	Show	GitHub Exploit DB Packet Storm

245607	7.5	危険	eggblog	-	eggBlog における SQL インジェクションの脆弱性	CWE-20 CWE-89	CVE-2008-1626	2012-06-26 16:02	2008-03-28	Show	GitHub Exploit DB Packet Storm

245608	6.8	警告	AVAST Software s.r.o.	-	avast! Home and Professional の aavmker4.sys における権限を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-1625	2012-06-26 16:02	2008-04-2	Show	GitHub Exploit DB Packet Storm

245609	6.8	警告	geertsen holdings inc	-	GeeCarts における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2008-1622	2012-06-26 16:02	2008-04-2	Show	GitHub Exploit DB Packet Storm

245610	4.3	警告	geertsen holdings inc	-	GeeCarts におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1621	2012-06-26 16:02	2008-04-2	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 31, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
691	-		-	-	Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical m… New	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2026-8070	2026-05-29 23:46	2026-05-29	Show	GitHub Exploit DB Packet Storm

692	-		-	-	Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute arbitrary UCC commands. New	CWE-306 Missing Authentication for Critical Function	CVE-2026-49195	2026-05-29 23:46	2026-05-29	Show	GitHub Exploit DB Packet Storm

693	-		-	-	The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands. New	CWE-77 Command Injection	CVE-2026-49196	2026-05-29 23:46	2026-05-29	Show	GitHub Exploit DB Packet Storm

694	-		-	-	Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails. New	CWE-287 Improper Authentication	CVE-2026-49197	2026-05-29 23:46	2026-05-29	Show	GitHub Exploit DB Packet Storm

695	-		-	-	Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors. New	CWE-284 Improper Access Control	CVE-2026-49198	2026-05-29 23:46	2026-05-29	Show	GitHub Exploit DB Packet Storm

696	-		-	-	Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device. New	CWE-77 Command Injection	CVE-2026-49199	2026-05-29 23:46	2026-05-29	Show	GitHub Exploit DB Packet Storm

697	-		-	-	The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials (for web and Telnet), leading to unauthorized s… New	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-49200	2026-05-29 23:46	2026-05-29	Show	GitHub Exploit DB Packet Storm

698	-		-	-	The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating pers… New	CWE-798 Use of Hard-coded Credentials	CVE-2026-49201	2026-05-29 23:46	2026-05-29	Show	GitHub Exploit DB Packet Storm

699	8.8	HIGH Network	-	-	Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: … New	CWE-20 Improper Input Validation	CVE-2026-9969	2026-05-29 23:16	2026-05-29	Show	GitHub Exploit DB Packet Storm

700	7.5	HIGH Network	-	-	Music Player Daemon (MPD) before version 0.24.11 contains a path traversal vulnerability in LocalStorage::MapFSOrThrow and LocalStorage::MapUTF8 within the local storage plugin, where the on-disk pat… New	CWE-22 Path Traversal	CVE-2026-49128	2026-05-29 23:16	2026-05-29	Show	GitHub Exploit DB Packet Storm