Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 10, 2026, noon

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3581	8.1	重要 Network	Qode Interactive	Lekker	Qode InteractiveのWordPress用LekkerにおけるPHP リモートファイルインクルージョンの脆弱性	CWE-98 PHP リモートファイルインクルージョン	CVE-2025-69034	2026-02-2 19:30	2025-12-30	Show	GitHub Exploit DB Packet Storm

3582	5.4	警告 Network	remyandrade	Domain Availability Checker Using PHP and JavaScript with Source Code	Remy AndradeのDomain Availability Checker Using PHP and JavaScript with Source Codeにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-70458	2026-02-2 19:30	2026-01-23	Show	GitHub Exploit DB Packet Storm

3583	6.1	警告 Network	fahadmahmood	External Store for Shopify	fahadmahmoodのWordPress用External Store for Shopifyにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-7808	2026-02-2 19:29	2025-08-14	Show	GitHub Exploit DB Packet Storm

3584	9.8	緊急 Network	Cockroach Labs	cockroach-k8s-request-cert	Cockroach Labsのcockroach-k8s-request-certにおける設定ファイル内の空のパスワードに関する脆弱性	CWE-258 設定ファイル内に空のパスワード	CVE-2025-9276	2026-02-2 19:29	2025-09-2	Show	GitHub Exploit DB Packet Storm

3585	7.5	重要 Network	lfprojects	MCP TypeScript SDK	lfprojectsのMCP TypeScript SDKにおける非効率的な正規表現の複雑さに関する脆弱性	CWE-1333 非効率的な正規表現の複雑さ	CVE-2026-0621	2026-02-2 19:29	2026-01-5	Show	GitHub Exploit DB Packet Storm

3586	7.5	重要 Network	TOTOLINK	WA1200-PoE Firmware WA1200-PoE	TOTOLINK等の複数ベンダの製品における複数の脆弱性	CWE-404 CWE-476 CWE-476	CVE-2026-0731	2026-02-2 19:29	2026-01-8	Show	GitHub Exploit DB Packet Storm

3587	7.8	重要 Local	Google	SentencePiece	GoogleのSentencePieceにおけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2026-1260	2026-02-2 19:29	2026-01-22	Show	GitHub Exploit DB Packet Storm

3588	7.2	重要 Network	D-Link Systems, Inc.	DCS-700L Firmware	D-Link CorporationのDCS-700L Firmwareにおける複数の脆弱性	CWE-74 CWE-77 CWE-77	CVE-2026-1419	2026-02-2 19:29	2026-01-26	Show	GitHub Exploit DB Packet Storm

3589	6.5	警告 Adjacent	UI	UniFi Connect EV Station Lite Firmware	UIのUniFi Connect EV Station Lite Firmwareにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2026-21635	2026-02-2 19:29	2026-01-5	Show	GitHub Exploit DB Packet Storm

3590	8.2	重要 Network	Shopify	Remix React Router	ShopifyのReact Router等の複数製品におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-21884	2026-02-2 19:29	2026-01-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 10, 2026, 4:58 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
348691	-	php_download_manager	php_download_manager	SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.	NVD-CWE-Other	CVE-2005-3769	2008-09-6 05:55	2005-11-23	Show	GitHub Exploit DB Packet Storm

348692	-	-	-	Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev 686 allows attackers to cause a denial of service via unknown vectors.	NVD-CWE-Other	CVE-2005-3778	2008-09-6 05:55	2005-11-23	Show	GitHub Exploit DB Packet Storm

348693	-	apple	mac_os_x mac_os_x_server	Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to …	NVD-CWE-Other	CVE-2005-3782	2008-09-6 05:55	2005-12-31	Show	GitHub Exploit DB Packet Storm

348694	-	easypagecms	easypagecms	Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter.	NVD-CWE-Other	CVE-2005-3854	2008-09-6 05:55	2005-11-27	Show	GitHub Exploit DB Packet Storm

348695	-	krusader	krusader	The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL fi…	NVD-CWE-Other	CVE-2005-3856	2008-09-6 05:55	2005-11-28	Show	GitHub Exploit DB Packet Storm

348696	-	macromedia	flash_communication_server	Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated usin…	NVD-CWE-Other	CVE-2005-3901	2008-09-6 05:55	2005-11-30	Show	GitHub Exploit DB Packet Storm

348697	-	-	-	Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote attackers to inject arbitrary web script or HTML via multiple fields in (1) UCP.php and (2) SendPm.php.	NVD-CWE-Other	CVE-2005-3919	2008-09-6 05:55	2005-11-30	Show	GitHub Exploit DB Packet Storm

348698	-	dotclear	dotclear	Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors.	NVD-CWE-Other	CVE-2005-3957	2008-09-6 05:55	2005-12-1	Show	GitHub Exploit DB Packet Storm

348699	-	tradesoft	tradesoft_cms	Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote attackers to execute arbitrary SQL commands via unspecified attack vectors.	NVD-CWE-Other	CVE-2005-3987	2008-09-6 05:55	2005-12-5	Show	GitHub Exploit DB Packet Storm

348700	-	wineggdropshell	wineggdropshell	Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) P…	NVD-CWE-Other	CVE-2005-3992	2008-09-6 05:55	2005-12-5	Show	GitHub Exploit DB Packet Storm