Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 14, 2026, 6:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
252031	4.3	警告	Zoho Corporation	-	ManageEngine ServiceDesk Plus の SolutionSearch.do におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-1510	2011-09-26 15:41	2011-09-20	Show	GitHub Exploit DB Packet Storm

252032	10	危険	Measuresoft Development Ltd.	-	Measuresoft ScadaPro の service.exe における任意のコマンドを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2011-3496	2011-09-26 15:40	2011-09-7	Show	GitHub Exploit DB Packet Storm

252033	10	危険	Measuresoft Development Ltd.	-	Measuresoft ScadaPro の service.exe における任意の DLL を実行される脆弱性	CWE-200 情報漏えい	CVE-2011-3497	2011-09-26 15:40	2011-09-16	Show	GitHub Exploit DB Packet Storm

252034	10	危険	Measuresoft Development Ltd.	-	Measuresoft ScadaPro の service.exe におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2011-3495	2011-09-26 15:39	2011-09-16	Show	GitHub Exploit DB Packet Storm

252035	4.3	警告	TIBCO Software	-	TIBCO Managed File Transfer および Slingshot におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-3423	2011-09-26 15:38	2011-09-13	Show	GitHub Exploit DB Packet Storm

252036	4.3	警告	TIBCO Software	-	TIBCO Managed File Transfer および Slingshot における Web セッションをハイジャックされる脆弱性	CWE-Other その他	CVE-2011-3424	2011-09-26 15:37	2011-09-13	Show	GitHub Exploit DB Packet Storm

252037	10	危険	シスコシステムズ	-	Cisco Unified Service Monitor における任意のコードを実行される脆弱性	CWE-noinfo 情報不足	CVE-2011-2738	2011-09-22 15:55	2011-09-14	Show	GitHub Exploit DB Packet Storm

252038	6.8	警告	Jaspersoft	-	JasperServer にクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2011-1911	2011-09-22 15:54	2011-09-16	Show	GitHub Exploit DB Packet Storm

252039	7.5	危険	LifeSize Communications	-	LifeSize Room appliance の Web インターフェイスにおける任意のコマンドを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2011-2763	2011-09-22 15:50	2011-09-2	Show	GitHub Exploit DB Packet Storm

252040	5	警告	LifeSize Communications	-	LifeSize Room appliance の Web インターフェイスにおける認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2011-2762	2011-09-22 15:49	2011-09-2	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 14, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
4261	2.7	LOW Network	linuxfoundation	backstage\/integration	Backstage is an open framework for building developer portals. Prior to version 1.20.1, a vulnerability in the SCM URL parsing used by Backstage integrations allowed path traversal sequences in encod…	CWE-22 Path Traversal	CVE-2026-29185	2026-04-26 03:01	2026-03-8	Show	GitHub Exploit DB Packet Storm

4262	2.7	LOW Network	linuxfoundation	backstage\/integration	Backstage es un framework abierto para construir portales de desarrolladores. Antes de la versión 1.20.1, una vulnerabilidad en el análisis de URL de SCM utilizado por las integraciones de Backstage …	CWE-22 Path Traversal	CVE-2026-29185	2026-04-26 03:01	2026-03-8	Show	GitHub Exploit DB Packet Storm

4263	6.5	MEDIUM Network	linuxfoundation	backstage\/plugin-scaffolder-backend	Backstage is an open framework for building developer portals. Prior to version 3.1.4, a malicious scaffolder template can bypass the log redaction mechanism to exfiltrate secrets provided run throug…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-29184	2026-04-26 03:01	2026-03-8	Show	GitHub Exploit DB Packet Storm

4264	6.5	MEDIUM Network	linuxfoundation	backstage\/plugin-scaffolder-backend	Backstage es un framework abierto para construir portales de desarrolladores. Antes de la versión 3.1.4, una plantilla de andamiaje maliciosa puede eludir el mecanismo de redacción de registros para …	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-29184	2026-04-26 03:01	2026-03-8	Show	GitHub Exploit DB Packet Storm

4265	9.8	CRITICAL Network	n2ws	n2w	In N2W before 4.3.2 and 4.4.x before 4.4.1, there is potential remote code execution and account credentials theft because of a spoofing vulnerability.	CWE-290 Authentication Bypass by Spoofing	CVE-2025-59707	2026-04-26 03:01	2026-03-26	Show	GitHub Exploit DB Packet Storm

4266	9.8	CRITICAL Network	n2ws	n2w	En N2W antes de 4.3.2 y 4.4.x antes de 4.4.1, existe potencial ejecución remota de código y robo de credenciales de cuenta debido a una vulnerabilidad de suplantación de identidad.	CWE-290 Authentication Bypass by Spoofing	CVE-2025-59707	2026-04-26 03:01	2026-03-26	Show	GitHub Exploit DB Packet Storm

4267	9.8	CRITICAL Network	n2ws	n2w	In N2W before 4.3.2 and 4.4.0 before 4.4.1, improper validation of API request parameters enables remote code execution.	CWE-290 Authentication Bypass by Spoofing	CVE-2025-59706	2026-04-26 03:01	2026-03-26	Show	GitHub Exploit DB Packet Storm

4268	9.8	CRITICAL Network	n2ws	n2w	En N2W antes de 4.3.2 y 4.4.0 antes de 4.4.1, la validación indebida de los parámetros de solicitud de la API permite la ejecución remota de código.	CWE-290 Authentication Bypass by Spoofing	CVE-2025-59706	2026-04-26 03:01	2026-03-26	Show	GitHub Exploit DB Packet Storm

4269	9.8	CRITICAL Network	filigran	openaev	OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.0.0 and prior to version 2.0.13, OpenAEV's…	CWE-640 Weak Password Recovery Mechanism for Forgotten Password	CVE-2026-24467	2026-04-26 03:00	2026-04-21	Show	GitHub Exploit DB Packet Storm

4270	8.8	HIGH Network	hcltech	aion	HCL AION is affected by a Cookie with Insecure, Improper, or Missing SameSite vulnerability. This can allow cookies to be sent in cross-site requests, potentially increasing exposure to cross-site r…	CWE-1275 Sensitive Cookie with Improper SameSite Attribute	CVE-2025-52628	2026-04-26 02:59	2026-02-4	Show	GitHub Exploit DB Packet Storm