Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 9, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
3551 10 緊急
Network 		GongRzhe Terminal Controller for MCP GongRzheのTerminal Controller for MCPにおけるコマンドインジェクションの脆弱性 CWE-77
コマンドインジェクション 		CVE-2025-61492 2026-02-2 19:31 2026-01-7 Show GitHub Exploit DB Packet Storm
3552 7.5 重要
Network 		wpwebelite Follow My Blog Post WPWeb EliteのWordPress用Follow My Blog Postにおける認可されていない制御領域への重要情報の漏えいに関する脆弱性 CWE-497
認可されていない制御領域への重要情報の漏えい 		CVE-2025-64258 2026-02-2 19:31 2025-12-18 Show GitHub Exploit DB Packet Storm
3553 5.4 警告
Network 		Qode Interactive Bard Qode InteractiveのWordPress用Bardにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2025-64368 2026-02-2 19:31 2025-10-31 Show GitHub Exploit DB Packet Storm
3554 5.3 警告
Network 		XWiki Full Calendar Macro (macro-fullcalendar-pom) XWikiのFull Calendar Macro (macro-fullcalendar-pom)における情報漏えいに関する脆弱性 CWE-200
情報漏えい 		CVE-2025-65090 2026-02-2 19:31 2026-01-10 Show GitHub Exploit DB Packet Storm
3555 10 緊急
Network 		XWiki Full Calendar Macro (macro-fullcalendar-pom) XWikiのFull Calendar Macro (macro-fullcalendar-pom)におけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2025-65091 2026-02-2 19:31 2026-01-10 Show GitHub Exploit DB Packet Storm
3556 6.5 警告
Network 		Mega-Fence Project Mega-Fence Mega-Fence ProjectのMega-Fenceにおけるセキュリティ決定の信頼できない入力への依存に関する脆弱性 CWE-807
セキュリティ決定の信頼できない入力への依存 		CVE-2025-65328 2026-02-2 19:31 2026-01-5 Show GitHub Exploit DB Packet Storm
3557 7.5 重要
Network 		WebPros International GmbH Plesk Obsidian WebPros International GmbHのPlesk Obsidianにおけるリソースの枯渇に関する脆弱性 CWE-400
リソースの枯渇 		CVE-2025-65518 2026-02-2 19:31 2026-01-8 Show GitHub Exploit DB Packet Storm
3558 8.8 重要
Network 		Qode Interactive Powerlift Qode InteractiveのWordPress用Powerliftにおける認証の欠如に関する脆弱性 CWE-862
認証の欠如 		CVE-2025-66532 2026-02-2 19:31 2025-12-9 Show GitHub Exploit DB Packet Storm
3559 4.8 警告
Network 		Hotwire Turbo HotwireのTurboにおける競合状態に関する脆弱性 CWE-362
競合状態 		CVE-2025-66803 2026-02-2 19:30 2026-01-20 Show GitHub Exploit DB Packet Storm
3560 7.5 重要
Network 		Manos Websocket Server ManosのWebsocket Serverにおける入力確認に関する脆弱性 CWE-20
不適切な入力確認 		CVE-2025-66902 2026-02-2 19:30 2026-01-20 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 10, 2026, 4:58 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
81 6.8 MEDIUM
Network 		- - SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly au… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-42291 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
82 9.8 CRITICAL
Network 		gitpython_project gitpython GitPython is a python library used to interact with Git repositories. Prior to version 3.1.47, _clone() validates multi_options as the original list, then executes shlex.split(" ".join(multi_options)… New CWE-88
Argument Injection 		CVE-2026-42284 2026-05-9 08:16 2026-05-8 Show GitHub Exploit DB Packet Storm
83 - - - Saltcorn is an extensible, open source, no-code database application builder. Prior to versions 1.4.6, 1.5.6, and 1.6.0-beta.5, Saltcorn validates the post-login dest parameter with a string check th… New CWE-601
Open Redirect 		CVE-2026-42259 2026-05-9 08:16 2026-05-8 Show GitHub Exploit DB Packet Storm
84 7.6 HIGH
Network 		- - ipl/web is a set of common web components for php projects. Prior to version 0.13.1, the vulnerability allows an attacker to inject malicious Javascript into a victim's browser to run it in the conte… New CWE-79
Cross-site Scripting 		CVE-2026-42224 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
85 - - - pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi() cast in parse_uri(… New CWE-195
CWE-918
 Signed to Unsigned Conversion Error
Server-Side Request Forgery (SSRF)  		CVE-2026-41682 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
86 7.9 HIGH
Local 		- - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when … New CWE-200
CWE-312
Information Exposure
 Cleartext Storage of Sensitive Information 		CVE-2026-41520 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
87 7.1 HIGH
Network 		- - New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.12.10, a vulnerability exists in the Stripe webhook handler that allows an … New CWE-345
CWE-863
CWE-1188
 Insufficient Verification of Data Authenticity
 Incorrect Authorization
 Insecure Default Initialization of Resource 		CVE-2026-41432 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
88 9.8 CRITICAL
Network 		- - ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cms_content tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered. New CWE-94
Code Injection 		CVE-2026-36458 2026-05-9 08:16 2026-05-8 Show GitHub Exploit DB Packet Storm
89 - - - Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service. The decimal library does not bound the exponent on parsed input. Storing a decimal … New CWE-400
 Uncontrolled Resource Consumption 		CVE-2026-32686 2026-05-9 08:16 2026-05-8 Show GitHub Exploit DB Packet Storm
90 9.8 CRITICAL
Network 		- - The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full unauthenticated remote control of the device. The API supports bot… New CWE-285
Improper Authorization 		CVE-2026-30496 2026-05-9 08:16 2026-05-7 Show GitHub Exploit DB Packet Storm