Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 6, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3111	7.5	重要 Network	Sylphx	Filesystem MCP	SylphxのFilesystem MCPにおける相対パストラバーサルの脆弱性	CWE-23 相対的パストラバーサル	CVE-2025-67366	2026-01-30 14:13	2026-01-7	Show	GitHub Exploit DB Packet Storm

3112	3.8	低 Network	Eli Hanna	Compress & Upload	Eli HannaのWordPress用Compress & Uploadにおける危険なタイプのファイルの無制限アップロードに関する脆弱性	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2025-8889	2026-01-30 14:13	2025-09-9	Show	GitHub Exploit DB Packet Storm

3113	5.4	警告 Network	ngsurvey	ngsurvey	ngsurveyにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-15479	2026-01-30 14:13	2026-01-7	Show	GitHub Exploit DB Packet Storm

3114	6.1	警告 Network	WPForms	wpforms	WPFormsのWordPress用wpformsにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2020-36919	2026-01-30 14:13	2026-01-13	Show	GitHub Exploit DB Packet Storm

3115	7.2	重要 Network	4homepages	4images	4homepagesの4imagesにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2022-50806	2026-01-30 14:13	2026-01-13	Show	GitHub Exploit DB Packet Storm

3116	7.8	重要 Local	Wondershare Technology Co., Ltd	Dr.Fone	Wondershare Technology Co., LtdのDr.Foneにおける引用されない検索パスまたは要素に関する脆弱性	CWE-428 引用されない検索パスまたは要素	CVE-2022-50900	2026-01-30 14:13	2026-01-13	Show	GitHub Exploit DB Packet Storm

3117	7.8	重要 Local	Wondershare Technology Co., Ltd	Dr.Fone	Wondershare Technology Co., LtdのDr.Foneにおける引用されない検索パスまたは要素に関する脆弱性	CWE-428 引用されない検索パスまたは要素	CVE-2022-50901	2026-01-30 14:13	2026-01-13	Show	GitHub Exploit DB Packet Storm

3118	7.8	重要 Local	Wondershare Technology Co., Ltd	mobiletrans	Wondershare Technology Co., Ltdのmobiletransにおける引用されない検索パスまたは要素に関する脆弱性	CWE-428 引用されない検索パスまたは要素	CVE-2022-50903	2026-01-30 14:13	2026-01-13	Show	GitHub Exploit DB Packet Storm

3119	5.5	警告 Local	サムスン	android	サムスンのAndroidにおける境界外読み取りに関する脆弱性	CWE-125 境界外読み取り	CVE-2023-21477	2026-01-30 14:13	2025-09-3	Show	GitHub Exploit DB Packet Storm

3120	6.1	警告 Network	HasThemes	ht easy ga4 (google analytics 4)	HasThemesのWordPress用ht easy ga4 (google analytics 4)におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-29094	2026-01-30 14:13	2024-03-19	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
348251	-	freebsd	freebsd	ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while perfor…	NVD-CWE-Other	CVE-2005-2019	2008-09-6 05:50	2005-07-5	Show	GitHub Exploit DB Packet Storm

348252	-	cpanel	cpanel	Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page.	NVD-CWE-Other	CVE-2005-2021	2008-09-6 05:50	2005-06-20	Show	GitHub Exploit DB Packet Storm

348253	-	vipul	razor-agents	Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers to cause a denial of service via (1) certain "unusual HTML messages" or (2) "certain malformed headers" such as Content-Type.	NVD-CWE-Other	CVE-2005-2024	2008-09-6 05:50	2005-06-17	Show	GitHub Exploit DB Packet Storm

348254	-	enterasys	vertical_horizon-2402s	Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a hard-coded account and password for debugging, which allows remote attackers to gain privileges.	NVD-CWE-Other	CVE-2005-2026	2008-09-6 05:50	2005-06-16	Show	GitHub Exploit DB Packet Storm

348255	-	enterasys	vertical_horizon-2402s	Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account, which could allow attackers to obtain sensitive information …	NVD-CWE-Other	CVE-2005-2027	2008-09-6 05:50	2005-06-16	Show	GitHub Exploit DB Packet Storm

348256	-	amarok	web_frontend	amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and pass…	NVD-CWE-Other	CVE-2005-2029	2008-09-6 05:50	2005-06-17	Show	GitHub Exploit DB Packet Storm

348257	-	socialmpn	socialmpn	Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter to article.php, (2) uname parameter to user.php, (3) siteid para…	NVD-CWE-Other	CVE-2005-2031	2008-09-6 05:50	2005-06-16	Show	GitHub Exploit DB Packet Storm

348258	-	fortibus	fortibus_cms	Fortibus CMS 4.0.0 allows remote attackers to modify information of other users, including Admin, via the "My info" page.	NVD-CWE-Other	CVE-2005-2038	2008-09-6 05:50	2005-06-20	Show	GitHub Exploit DB Packet Storm

348259	-	nanoblogger	nanoblogger	Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and earlier allows remote attackers to execute arbitrary commands.	NVD-CWE-Other	CVE-2005-2039	2008-09-6 05:50	2005-06-19	Show	GitHub Exploit DB Packet Storm

348260	-	telnetd	telnetd	Multiple buffer overflows in the getterminaltype function in telnetd for Heimdal before 0.6.5 may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2005-0468 and CV…	NVD-CWE-Other	CVE-2005-2040	2008-09-6 05:50	2005-06-20	Show	GitHub Exploit DB Packet Storm