Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 23, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
253301	7.5	危険	AliBabaClone.com	-	Alibaba Clone B2B の countrydetails.php におけるSQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4849	2011-09-30 14:24	2011-09-27	Show	GitHub Exploit DB Packet Storm

253302	4.3	警告	Diferior	-	Diferior におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4850	2011-09-30 14:22	2011-09-27	Show	GitHub Exploit DB Packet Storm

253303	7.5	危険	Eclime	-	Eclime における複数の SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4851	2011-09-30 14:19	2011-09-27	Show	GitHub Exploit DB Packet Storm

253304	4.3	警告	Eclime	-	Eclime の login.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4852	2011-09-30 14:15	2011-09-27	Show	GitHub Exploit DB Packet Storm

253305	7.5	危険	Zoho Corporation	-	ManageEngine EventLog Analyzer の Syslog サーバにおけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2010-4840	2011-09-30 14:13	2011-09-27	Show	GitHub Exploit DB Packet Storm

253306	4.3	警告	Zoho Corporation	-	ManageEngine EventLog Analyzer におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4841	2011-09-30 14:13	2011-09-27	Show	GitHub Exploit DB Packet Storm

253307	4.3	警告	AXScripts	-	AXScripts AxsLinks の addlink.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4848	2011-09-30 14:11	2011-09-27	Show	GitHub Exploit DB Packet Storm

253308	7.5	危険	MH Products	-	MH Products MHP Downloadshop の view_item.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4847	2011-09-30 14:11	2011-09-27	Show	GitHub Exploit DB Packet Storm

253309	7.5	危険	MH Products	-	MH Products Pay Pal Shop Digital の view_item.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4846	2011-09-30 14:11	2011-09-27	Show	GitHub Exploit DB Packet Storm

253310	7.5	危険	MH Products	-	MH Products Projekt Shop における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4845	2011-09-30 14:10	2011-09-27	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 24, 2026, 4:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
5461	9.8	CRITICAL Network	senselive	x3500_firmware	A vulnerability in SenseLive X3050’s embedded management service allows full administrative control to be established without any form of authentication or authorization on the SenseLive config appli…	CWE-306 Missing Authentication for Critical Function	CVE-2026-40620	2026-04-29 04:32	2026-04-24	Show	GitHub Exploit DB Packet Storm

5462	9.1	CRITICAL Network	senselive	x3500_firmware	A vulnerability exists in SenseLive X3050's web management interface that allows critical configuration parameters to be modified without sufficient authentication or server-side validation. By apply…	CWE-306 Missing Authentication for Critical Function	CVE-2026-27843	2026-04-29 04:32	2026-04-24	Show	GitHub Exploit DB Packet Storm

5463	8.1	HIGH Network	senselive	x3500_firmware	A vulnerability in SenseLive X3050's web management interface allows state-changing operations to be triggered without proper Cross-Site Request Forgery (CSRF) protections. Because the application do…	CWE-352 Origin Validation Error	CVE-2026-27841	2026-04-29 04:32	2026-04-24	Show	GitHub Exploit DB Packet Storm

5464	5.4	MEDIUM Network	senselive	x3500_firmware	A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requi…	CWE-613 Insufficient Session Expiration	CVE-2026-25720	2026-04-29 04:31	2026-04-24	Show	GitHub Exploit DB Packet Storm

5465	5.9	MEDIUM Network	opentelemetry	opentelemetry	OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on …	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-41078	2026-04-29 04:24	2026-04-24	Show	GitHub Exploit DB Packet Storm

5466	7.5	HIGH Network	sqlalchemy	mako	Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is…	CWE-22 Path Traversal	CVE-2026-41205	2026-04-29 04:14	2026-04-24	Show	GitHub Exploit DB Packet Storm

5467	4.7	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirect_socket.recv_io.credits.available The logic off managing recv credits by counting posted recv_i…	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-31535	2026-04-29 04:14	2026-04-25	Show	GitHub Exploit DB Packet Storm

5468	9.8	CRITICAL Network	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: smb: server: let send_done handle a completion without IB_SEND_SIGNALED With smbdirect_send_batch processing we likely have reque…	NVD-CWE-noinfo	CVE-2026-31536	2026-04-29 04:10	2026-04-25	Show	GitHub Exploit DB Packet Storm

5469	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.send_io.bcredits It turns out that our code will corrupt the stream of reassabled data …	NVD-CWE-noinfo	CVE-2026-31537	2026-04-29 04:09	2026-04-25	Show	GitHub Exploit DB Packet Storm

5470	5.4	MEDIUM Network	pretalx	pretalx	pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission titles, speaker display names, and user names/emails into the result dropdown…	CWE-79 Cross-site Scripting	CVE-2026-41241	2026-04-29 04:07	2026-04-24	Show	GitHub Exploit DB Packet Storm