Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 7, 2026, 4:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3011	7.5	重要 Network	trustwallet	trust wallet core	trustwalletのtrust wallet coreにおけるバッファオーバーリードの脆弱性	CWE-126 バッファオーバーリード	CVE-2025-66692	2026-02-2 19:40	2026-01-20	Show	GitHub Exploit DB Packet Storm

3012	9.8	緊急 Network	JEECG	jimureport	JEECGのjimureportにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2025-66913	2026-02-2 19:40	2026-01-8	Show	GitHub Exploit DB Packet Storm

3013	9.4	緊急 Network	dromara	RuoYi-Vue-Plus	DromaraのRuoYi-Vue-Plusにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2025-66916	2026-02-2 19:40	2026-01-8	Show	GitHub Exploit DB Packet Storm

3014	5.4	警告 Network	PHPGurukul	Employee Leaves Management System (ELMS)	PHPGurukulのEmployee Leaves Management System (ELMS)におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2025-67315	2026-02-2 19:40	2026-01-5	Show	GitHub Exploit DB Packet Storm

3015	5.4	警告 Network	heytap	internet browser	heytapのinternet browserにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-67316	2026-02-2 19:40	2026-01-5	Show	GitHub Exploit DB Packet Storm

3016	9.8	緊急 Network	webkul	qloapps	webkulのqloappsにおける危険なタイプのファイルの無制限アップロードに関する脆弱性	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2025-67325	2026-02-2 19:40	2026-01-8	Show	GitHub Exploit DB Packet Storm

3017	8.8	重要 Network	b3log	SiYuan	B3logのSiYuanにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2025-67488	2026-02-2 19:40	2025-12-9	Show	GitHub Exploit DB Packet Storm

3018	9	緊急 Network	Homarr	Homarr	Homarrにおける複数の脆弱性	CWE-20 CWE-90	CVE-2025-67493	2026-02-2 19:39	2025-12-17	Show	GitHub Exploit DB Packet Storm

3019	5.3	警告 Network	Discourse	Discourse	Discourseにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2025-68479	2026-02-2 19:39	2026-01-28	Show	GitHub Exploit DB Packet Storm

3020	5.4	警告 Network	HasThemes	WC Builder	HasThemesのWordPress用WC Builderにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-68533	2026-02-2 19:39	2025-12-24	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
451	8.1	HIGH Network	-	-	In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows a remote attacker to inject arbitrary SQL commands via a crafted… New	CWE-89 SQL Injection	CVE-2026-44331	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

452	-		-	-	Gotenberg is an API-based document conversion tool. In versions 8.30.1 and earlier, the default private-IP deny-lists for the --webhook-deny-list and --api-download-from-deny-list flags use a case-se… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-40280	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

453	-		-	-	PhpSpreadsheet is a library for reading and writing spreadsheet files. In versions 1.30.2 and earlier, 2.0.0 through 2.1.14, 2.2.0 through 2.4.3, 3.3.0 through 3.10.3, and 4.0.0 through 5.5.0, when t… New	CWE-502 CWE-918 Deserialization of Untrusted Data Server-Side Request Forgery (SSRF)	CVE-2026-34084	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

454	-		-	-	CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the transfer plugin can select the wrong ACL stanza when both a parent zone and a more-specific subzone are configured. The l… New	CWE-863 Incorrect Authorization	CVE-2026-33489	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

455	-		-	-	Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details endpoint (GET /api/organizations/{org_id}/collections/details) is missing … New	CWE-862 Missing Authorization	CVE-2026-33420	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

456	-		-	-	SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided que… New	CWE-89 SQL Injection	CVE-2026-33324	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

457	-		-	-	CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the DNS-over-HTTPS (DoH) GET path accepts oversized dns= query parameter values and performs URL query parsing, base64 decodi… New	CWE-400 Uncontrolled Resource Consumption	CVE-2026-32936	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

458	-		-	-	FacturaScripts is an open source accounting and invoicing software. In versions 2025.92 and earlier, the application fails to validate the nick parameter during a POST request to the EditUser control… New	CWE-472 External Control of Assumed-Immutable Web Parameter	CVE-2026-32699	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

459	-		-	-	Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink followin… New	CWE-61 UNIX Symbolic Link (Symlink) Following	CVE-2026-31893	2026-05-6 05:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

460	8.1	HIGH Network	-	-	School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data. Update	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-7491	2026-05-6 05:16	2026-05-2	Show	GitHub Exploit DB Packet Storm