Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 7, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3031	7.5	重要 Network	GPAC	GPAC	GPACにおけるスタックベースのバッファオーバーフローの脆弱性	CWE-121 スタックオーバーフロー	CVE-2025-70307	2026-02-2 19:39	2026-01-15	Show	GitHub Exploit DB Packet Storm

3032	9.1	緊急 Network	ruoyi	ruoyi	ruoyiにおける複数の脆弱性	CWE-284 CWE-862	CVE-2025-70985	2026-02-2 19:39	2026-01-23	Show	GitHub Exploit DB Packet Storm

3033	7.5	重要 Network	ruoyi	ruoyi	ruoyiにおける複数の脆弱性	CWE-284 CWE-862	CVE-2025-70986	2026-02-2 19:39	2026-01-23	Show	GitHub Exploit DB Packet Storm

3034	5.4	警告 Network	Lavalite	Lavalite	Lavaliteにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-71177	2026-02-2 19:39	2026-01-23	Show	GitHub Exploit DB Packet Storm

3035	4.2	警告 Network	Fortra	GoAnywhere Managed File Transfer	FortraのGoAnywhere Managed File Transferにおける複数の脆弱性	CWE-732 CWE-863	CVE-2025-8148	2026-02-2 19:39	2025-12-5	Show	GitHub Exploit DB Packet Storm

3036	7.5	重要 Network	TP-LINK Technologies	TL-WR841N ファームウェア	TP-LINK TechnologiesのTL-WR841N ファームウェアにおける複数の脆弱性	CWE-20 CWE-476	CVE-2025-9014	2026-02-2 19:39	2026-01-15	Show	GitHub Exploit DB Packet Storm

3037	5.5	警告 Network	Zoho Corporation	ManageEngine ADManager Plus	Zoho CorporationのManageEngine ADManager Plusにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2025-9435	2026-02-2 19:39	2026-01-13	Show	GitHub Exploit DB Packet Storm

3038	6.1	警告 Network	Zoho Corporation	manageengine applications manager	Zoho CorporationのManageEngine Applications Managerにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-9787	2026-02-2 19:39	2025-12-18	Show	GitHub Exploit DB Packet Storm

3039	6.1	警告 Network	ironmansoftware	powershell universal	ironmansoftwareのpowershell universalにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-0618	2026-02-2 19:39	2026-01-7	Show	GitHub Exploit DB Packet Storm

3040	8.8	重要 Network	openwebui	open webui	openwebuiのopen webuiにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2026-0765	2026-02-2 19:39	2026-01-23	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
461	8.8	HIGH Network	-	-	CTMS developed by Sunnet has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. Update	CWE-89 SQL Injection	CVE-2026-7489	2026-05-6 05:14	2026-05-2	Show	GitHub Exploit DB Packet Storm

462	7.2	HIGH Network	-	-	CTMS and CPAS developed by Sunnet has an Arbitrary File Upload vulnerability, allowing privileged remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution… Update	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-7490	2026-05-6 05:14	2026-05-2	Show	GitHub Exploit DB Packet Storm

463	-		-	-	Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5. New	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2026-6499	2026-05-6 05:14	2026-05-4	Show	GitHub Exploit DB Packet Storm

464	-		-	-	Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5. New	CWE-256 Plaintext Storage of a Password	CVE-2026-6500	2026-05-6 05:14	2026-05-5	Show	GitHub Exploit DB Packet Storm

465	-		-	-	Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5. New	CWE-611 XXE	CVE-2026-6501	2026-05-6 05:14	2026-05-5	Show	GitHub Exploit DB Packet Storm

466	8.8	HIGH Adjacent	google	android	In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as… New	CWE-303 Incorrect Implementation of Authentication Algorithm	CVE-2026-0073	2026-05-6 04:54	2026-05-5	Show	GitHub Exploit DB Packet Storm

467	9.8	CRITICAL Network	-	-	Arelle before 2.39.10 contains an unauthenticated remote code execution vulnerability in the /rest/configure REST endpoint that accepts a plugins query parameter and forwards it to the plugin manager… New	CWE-306 Missing Authentication for Critical Function	CVE-2026-42796	2026-05-6 04:50	2026-05-5	Show	GitHub Exploit DB Packet Storm

468	7.1	HIGH Local	-	-	Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal seq… New	CWE-23 Relative Path Traversal	CVE-2026-43616	2026-05-6 04:50	2026-05-5	Show	GitHub Exploit DB Packet Storm

469	7.5	HIGH Network	-	-	Easy PayPal Events & Tickets plugin for WordPress version 1.3 and earlier contain a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated rem… New	CWE-798 Use of Hard-coded Credentials	CVE-2026-32834	2026-05-6 04:47	2026-05-5	Show	GitHub Exploit DB Packet Storm

470	7.5	HIGH Network	-	-	Easy PayPal Events & Tickets plugin for WordPress versions 1.3 and earlier contain an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to en… New	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-41471	2026-05-6 04:47	2026-05-5	Show	GitHub Exploit DB Packet Storm