Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 19, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
246671 6.5 警告 Drupal - Drupal の IMCE モジュールにおける任意の PHP コードをアップロードされる脆弱性 - CVE-2006-7109 2012-06-26 15:38 2006-10-2 Show GitHub Exploit DB Packet Storm
246672 6.6 警告 Debian - Apache HTTP Server における tty 端末への権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2006-7098 2012-06-26 15:38 2006-03-18 Show GitHub Exploit DB Packet Storm
246673 8.5 危険 Gentoo Linux
Debian		 - Gentoo などで使用される ftpd における gid 0 の権限を持つ任意のディレクトリを一覧にされる脆弱性 - CVE-2006-7094 2012-06-26 15:38 2006-11-15 Show GitHub Exploit DB Packet Storm
246674 7.5 危険 cliserv - CliServ Web Community における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-7068 2012-06-26 15:38 2007-03-2 Show GitHub Exploit DB Packet Storm
246675 6.8 警告 dreamcost - DreamCost HostAdmin における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-7056 2012-06-26 15:38 2007-02-23 Show GitHub Exploit DB Packet Storm
246676 7.5 危険 Claroline Consortium - Claroline における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-7048 2012-06-26 15:38 2007-02-23 Show GitHub Exploit DB Packet Storm
246677 9.3 危険 clan manager pro - CMPRO 用 cmpro.intern/login.inc.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2006-7046 2012-06-26 15:38 2007-02-23 Show GitHub Exploit DB Packet Storm
246678 7.5 危険 cmpro team - CMPRO における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-7045 2012-06-26 15:38 2007-02-23 Show GitHub Exploit DB Packet Storm
246679 7.5 危険 cmpro team - CMPRO の comment.core.inc.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-7044 2012-06-26 15:38 2007-02-23 Show GitHub Exploit DB Packet Storm
246680 3.5 注意 Chipmunk Scripts - Chipmunk Blogger におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-7043 2012-06-26 15:38 2007-02-23 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 19, 2026, 4:16 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
61 9.8 CRITICAL
Network 		- - SGLangs multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls pickle.loads() on incoming messages, enabling RCE when exposed to the intern… New CWE-502
 Deserialization of Untrusted Data 		CVE-2026-7301 2026-05-19 02:44 2026-05-18 Show GitHub Exploit DB Packet Storm
62 9.1 CRITICAL
Network 		- - SGLangs multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write arbitrary files anywhere the server process has write access, by … New CWE-35
 Path Traversal: '.../...//' 		CVE-2026-7302 2026-05-19 02:44 2026-05-18 Show GitHub Exploit DB Packet Storm
63 9.8 CRITICAL
Network 		- - SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will… New CWE-502
 Deserialization of Untrusted Data 		CVE-2026-7304 2026-05-19 02:44 2026-05-18 Show GitHub Exploit DB Packet Storm
64 8.1 HIGH
Network 		- - Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query submission privileges to execute arbitrary code on TaskManagers… New CWE-94
Code Injection 		CVE-2026-35194 2026-05-19 02:44 2026-05-16 Show GitHub Exploit DB Packet Storm
65 7.5 HIGH
Network 		- - Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users s… New CWE-125
Out-of-bounds Read 		CVE-2026-8686 2026-05-19 02:44 2026-05-16 Show GitHub Exploit DB Packet Storm
66 6.5 MEDIUM
Adjacent 		- - An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3. New CWE-20
CWE-22
 Improper Input Validation 
Path Traversal 		CVE-2026-20685 2026-05-19 02:44 2026-05-19 Show GitHub Exploit DB Packet Storm
67 6.5 MEDIUM
Network 		- - Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset. New CWE-284
Improper Access Control 		CVE-2025-67437 2026-05-19 02:44 2026-05-16 Show GitHub Exploit DB Packet Storm
68 6.5 MEDIUM
Network 		- - Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.run(String expression, String type, Map<String, Object> context) evaluates attacker-controlled sc… New CWE-94
Code Injection 		CVE-2026-39052 2026-05-19 02:44 2026-05-16 Show GitHub Exploit DB Packet Storm
69 6.5 MEDIUM
Network 		- - Oinone Pamirs 7.0.0 contains an XML External Entity (XXE) issue in its XStream-based XML parsing logic. When attacker-controlled XML is passed to framework parsing entry points such as PamirsXmlUtils… New CWE-611
XXE 		CVE-2026-39053 2026-05-19 02:44 2026-05-16 Show GitHub Exploit DB Packet Storm
70 7.3 HIGH
Network 		- - Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and writes attacker-controlled command strings directly to the proce… New CWE-77
Command Injection 		CVE-2026-39054 2026-05-19 02:44 2026-05-16 Show GitHub Exploit DB Packet Storm