Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 9, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2761	8.1	重要 Network	inventree project	inventree	inventree projectのinventreeにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-35478	2026-04-21 10:45	2026-04-8	Show	GitHub Exploit DB Packet Storm

2762	7.5	重要 Network	liquidjs	liquidjs	liquidjsにおける情報漏えいに関する脆弱性	CWE-200 CWE-noinfo	CVE-2026-39412	2026-04-21 10:45	2026-04-8	Show	GitHub Exploit DB Packet Storm

2763	5.5	警告 Network	MaxKB	MaxKB	MaxKBにおける複数の脆弱性	CWE-20 CWE-78	CVE-2026-39417	2026-04-21 10:45	2026-04-14	Show	GitHub Exploit DB Packet Storm

2764	7.4	重要 Network	MaxKB	MaxKB	MaxKBにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-39418	2026-04-21 10:45	2026-04-14	Show	GitHub Exploit DB Packet Storm

2765	3.1	低 Network	MaxKB	MaxKB	MaxKBにおける複数の脆弱性	CWE-290 CWE-693 CWE-74	CVE-2026-39419	2026-04-21 10:45	2026-04-14	Show	GitHub Exploit DB Packet Storm

2766	7.4	重要 Network	MaxKB	MaxKB	MaxKBにおける複数の脆弱性	CWE-693 CWE-78	CVE-2026-39420	2026-04-21 10:45	2026-04-14	Show	GitHub Exploit DB Packet Storm

2767	7.4	重要 Network	MaxKB	MaxKB	MaxKBにおける複数の脆弱性	CWE-693 CWE-94	CVE-2026-39421	2026-04-21 10:45	2026-04-14	Show	GitHub Exploit DB Packet Storm

2768	5.4	警告 Network	MaxKB	MaxKB	MaxKBにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-39422	2026-04-21 10:45	2026-04-14	Show	GitHub Exploit DB Packet Storm

2769	5.4	警告 Network	MaxKB	MaxKB	MaxKBにおける複数の脆弱性	CWE-79 CWE-95	CVE-2026-39423	2026-04-21 10:45	2026-04-14	Show	GitHub Exploit DB Packet Storm

2770	4.7	警告 Network	MaxKB	MaxKB	MaxKBにおけるCSV ファイル内の数式要素の中和に関する脆弱性	CWE-1236 CSV ファイル内の数式要素の不適切な中和	CVE-2026-39424	2026-04-21 10:45	2026-04-14	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 9, 2026, 5:07 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
347491	-	smartlist	smartlist	The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie…	NVD-CWE-Other	CVE-2005-0157	2008-09-11 04:35	2005-05-3	Show	GitHub Exploit DB Packet Storm

347492	-	clam_anti-virus	clamav	ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL.	NVD-CWE-Other	CVE-2005-0218	2008-09-11 04:35	2005-05-2	Show	GitHub Exploit DB Packet Storm

347493	-	phpbb_group	phpbb	Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (…	NVD-CWE-Other	CVE-2005-0258	2008-09-11 04:35	2005-03-14	Show	GitHub Exploit DB Packet Storm

347494	-	phpbb_group	phpbb	phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, th…	NVD-CWE-Other	CVE-2005-0259	2008-09-11 04:35	2005-03-14	Show	GitHub Exploit DB Packet Storm

347495	-	zakon_group	openconf	Cross-site scripting (XSS) vulnerability in Openconf 1.04, and possibly other versions before 1.10, allows remote attackers to inject arbitrary HTML and web script via the paper title.	NVD-CWE-Other	CVE-2005-0407	2008-09-11 04:35	2005-05-2	Show	GitHub Exploit DB Packet Storm

347496	-	citrusdb	citrusdb	CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such …	NVD-CWE-Other	CVE-2005-0409	2008-09-11 04:35	2005-02-14	Show	GitHub Exploit DB Packet Storm

347497	-	citrusdb	citrusdb	SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file.	NVD-CWE-Other	CVE-2005-0410	2008-09-11 04:35	2005-02-14	Show	GitHub Exploit DB Packet Storm

347498	-	citrusdb	citrusdb	Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. (dot dot) sequences in the load parameter.	NVD-CWE-Other	CVE-2005-0411	2008-09-11 04:35	2005-02-14	Show	GitHub Exploit DB Packet Storm

347499	-	gentoo	poppassd_pam	poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users.	NVD-CWE-Other	CVE-2005-0002	2008-09-11 04:34	2005-05-2	Show	GitHub Exploit DB Packet Storm

347500	-	dmxready	dmxready_site_chassis_manager	Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors.	NVD-CWE-Other	CVE-2004-2188	2008-09-11 04:33	2004-12-31	Show	GitHub Exploit DB Packet Storm