Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 6, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3311	9.8	緊急 Network	Nitro Software Inc.	Nitro PDF Pro	Nitro Software Inc.のNitro PDF Proにおける同一生成元ポリシー違反に関する脆弱性	CWE-346 同一生成元ポリシー違反	CVE-2025-67825	2026-01-28 12:41	2026-01-8	Show	GitHub Exploit DB Packet Storm

3312	8.1	重要 Network	Qode Interactive	Wellspring	Qode InteractiveのWordPress用WellspringにおけるPHP リモートファイルインクルージョンの脆弱性	CWE-98 PHP リモートファイルインクルージョン	CVE-2025-67934	2026-01-28 12:41	2026-01-8	Show	GitHub Exploit DB Packet Storm

3313	6.5	警告 Network	Apache Software Foundation	Apache Spatial Information System (SIS)	Apache Software FoundationのApache Spatial Information System (SIS)におけるXML 外部エンティティの脆弱性	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2025-68280	2026-01-28 12:41	2026-01-5	Show	GitHub Exploit DB Packet Storm

3314	4.8	警告 Network	Centreon	Centreon Open Tickets	CentreonのCentreon Open Ticketsにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-8460	2026-01-28 12:41	2025-12-22	Show	GitHub Exploit DB Packet Storm

3315	4.3	警告 Network	cdata	API Server	cdataのAPI Serverにおける外部からアクセス可能なファイルまたはディレクトリに関する脆弱性	CWE-552 外部からアクセス可能なファイルまたはディレクトリ	CVE-2025-9273	2026-01-28 12:41	2025-09-2	Show	GitHub Exploit DB Packet Storm

3316	7.6	重要 Network	OPEXUS	eCASE Audit	OPEXUSのeCASE Auditにおける不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2026-22230	2026-01-28 12:41	2026-01-8	Show	GitHub Exploit DB Packet Storm

3317	8.8	重要 Network	Microhard	IPn4Gb Firmware BulletPlus Firmware IPn3Gb Firmware VIP4G-WiFi-N Firmware IPn4G Firmware Bullet-3G Firmware Dragon-LTE Firmware VIP4Gb Fir…	MicrohardのBullet-3G Firmware等の複数製品におけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2018-25143	2026-01-28 12:41	2025-12-24	Show	GitHub Exploit DB Packet Storm

3318	9.8	緊急 Network	Microhard	IPn4Gb Firmware BulletPlus Firmware IPn3Gb Firmware VIP4G-WiFi-N Firmware IPn4G Firmware Bullet-3G Firmware Dragon-LTE Firmware VIP4Gb Fir…	MicrohardのBullet-3G Firmware等の複数製品におけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2018-25144	2026-01-28 12:41	2025-12-24	Show	GitHub Exploit DB Packet Storm

3319	6.5	警告 Network	Microhard	IPn4Gb Firmware BulletPlus Firmware IPn3Gb Firmware VIP4G-WiFi-N Firmware IPn4G Firmware Bullet-3G Firmware Dragon-LTE Firmware VIP4Gb Fir…	MicrohardのBullet-3G Firmware等の複数製品における外部からアクセス可能なファイルまたはディレクトリに関する脆弱性	CWE-552 外部からアクセス可能なファイルまたはディレクトリ	CVE-2018-25145	2026-01-28 12:40	2025-12-24	Show	GitHub Exploit DB Packet Storm

3320	8.1	重要 Network	Microhard	IPn4Gb Firmware BulletPlus Firmware IPn3Gb Firmware VIP4G-WiFi-N Firmware IPn4G Firmware Bullet-3G Firmware Dragon-LTE Firmware VIP4Gb Fir…	MicrohardのBullet-3G Firmware等の複数製品における不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2018-25146	2026-01-28 12:40	2025-12-24	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
71	6.5	MEDIUM Network	jenkins	matrix_authorization_strategy	Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategi… Update	CWE-502 Deserialization of Untrusted Data	CVE-2026-42521	2026-05-7 01:21	2026-04-29	Show	GitHub Exploit DB Packet Storm

72	4.3	MEDIUM Network	jenkins	github_branch_source	A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacke… Update	CWE-862 Missing Authorization	CVE-2026-42522	2026-05-7 01:18	2026-04-29	Show	GitHub Exploit DB Packet Storm

73	8.4	HIGH Local	hmbrand	text\	Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, get… Update	CWE-416 CWE-825 Use After Free Expired Pointer Dereference	CVE-2026-7111	2026-05-7 01:16	2026-04-30	Show	GitHub Exploit DB Packet Storm

74	8.8	HIGH Network	redis	redis	Redis is an in-memory data structure store. In versions of redis-server up to 8.6.3, the RESTORE command does not properly validate serialized values. An authenticated attacker with permission to exe… New	CWE-122 Heap-based Buffer Overflow	CVE-2026-25243	2026-05-7 01:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

75	8.6	HIGH Network	-	-	In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, the Operation Delegation feature fails to validate the destination URI of delegated requests. An unauthenticated remote attacker… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-7412	2026-05-7 01:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

76	10.0	CRITICAL Network	-	-	In Eclipse BaSyx Java Server SDK versions prior to 2.0.0-milestone-10, inadequate path normalization in the Submodel HTTP API allows an unauthenticated remote attacker to perform a path traversal att… New	CWE-22 Path Traversal	CVE-2026-7411	2026-05-7 01:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

77	7.5	HIGH Network	wireshark	wireshark	Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service Update	CWE-476 NULL Pointer Dereference	CVE-2026-7376	2026-05-7 01:16	2026-04-30	Show	GitHub Exploit DB Packet Storm

78	6.8	MEDIUM Network	-	-	Velociraptor versions prior to 0.76.4 contain a cross organization authorization bypass in the HTTP API. A user with only the reader role in the root organization (the lowest authenticated role, hold… New	CWE-863 Incorrect Authorization	CVE-2026-6863	2026-05-7 01:16	2026-05-7	Show	GitHub Exploit DB Packet Storm

79	-		-	-	A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accep… New	-	CVE-2026-6860	2026-05-7 01:16	2026-05-6	Show	GitHub Exploit DB Packet Storm

80	-		-	-	Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000. New	CWE-427 Uncontrolled Search Path Element	CVE-2026-6788	2026-05-7 01:16	2026-05-7	Show	GitHub Exploit DB Packet Storm