Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 10, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
3621 9.8 緊急
Network 		Grav CMS grav Grav CMSのgravにおける認証の欠如に関する脆弱性 CWE-862
認証の欠如 		CVE-2021-47812 2026-02-2 19:28 2026-01-16 Show GitHub Exploit DB Packet Storm
3622 8.8 重要
Network 		Repute Infosystems armember Repute InfosystemsのWordPress用armemberにおける認証の欠如に関する脆弱性 CWE-862
認証の欠如 		CVE-2022-47425 2026-02-2 19:28 2025-12-9 Show GitHub Exploit DB Packet Storm
3623 7.8 重要
Local 		TeamSpeak Systems GmbH TeamSpeak TeamSpeak Systems GmbHのTeamSpeakにおける重要なリソースに対する不適切なパーミッションの割り当てに関する脆弱性 CWE-732
重要なリソースに対する不適切なパーミッションの割り当て 		CVE-2022-50931 2026-02-2 19:28 2026-01-13 Show GitHub Exploit DB Packet Storm
3624 7.5 重要
Network 		京セラ株式会社 Command Center RX 京セラ株式会社のCommand Center RXにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2022-50932 2026-02-2 19:28 2026-01-13 Show GitHub Exploit DB Packet Storm
3625 6.1 警告
Network 		Ametys Ametys Ametysにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2022-50937 2026-02-2 19:28 2026-01-13 Show GitHub Exploit DB Packet Storm
3626 7.8 重要
Local 		getoutline outline getoutlineのoutlineにおける引用されない検索パスまたは要素に関する脆弱性 CWE-428
引用されない検索パスまたは要素 		CVE-2023-54331 2026-02-2 19:28 2026-01-13 Show GitHub Exploit DB Packet Storm
3627 6.1 警告
Network 		Automattic Inc. Jetpack Automattic Inc.のWordPress用Jetpackにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2023-54332 2026-02-2 19:28 2026-01-13 Show GitHub Exploit DB Packet Storm
3628 9.8 緊急
Network 		explorerplusplus explorer++ explorerplusplusのexplorer++における複数の脆弱性 CWE-121
CWE-787
CVE-2023-54334 2026-02-2 19:28 2026-01-13 Show GitHub Exploit DB Packet Storm
3629 7.5 重要
Network 		QNAP Systems QNAP QTS
QuTS hero 		QNAP SystemsのQNAP QTS等の複数製品における情報漏えいに関する脆弱性 CWE-200
情報漏えい 		CVE-2024-13086 2026-02-2 19:28 2025-03-7 Show GitHub Exploit DB Packet Storm
3630 2.7
Network 		Palo Alto Networks PAN-OS Palo Alto NetworksのPAN-OSにおける権限管理に関する脆弱性 CWE-269
不適切な権限管理 		CVE-2024-2433 2026-02-2 19:28 2024-03-13 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 10, 2026, 4:58 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
221 - - - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used during proxy API key checks mixed the caller… New CWE-89
SQL Injection 		CVE-2026-42208 2026-05-9 03:16 2026-05-8 Show GitHub Exploit DB Packet Storm
222 5.3 MEDIUM
Network 		- - novaGallery is a php image gallery. Prior to version 2.1.1, a path traversal vulnerability has been identified in novaGallery. This allows unauthenticated users to read image files outside the intend… New CWE-22
Path Traversal 		CVE-2026-42028 2026-05-9 03:16 2026-05-9 Show GitHub Exploit DB Packet Storm
223 6.3 MEDIUM
Network 		- - Bitrix24 through 25.100.300 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file… New CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2025-67886 2026-05-9 03:16 2026-05-8 Show GitHub Exploit DB Packet Storm
224 7.3 HIGH
Network 		- - AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a JWT. New CWE-321
 Use of Hard-coded Cryptographic Key 		CVE-2025-55449 2026-05-9 03:16 2026-05-8 Show GitHub Exploit DB Packet Storm
225 7.3 HIGH
Network 		- - A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server. New CWE-94
Code Injection 		CVE-2024-46507 2026-05-9 03:16 2026-05-8 Show GitHub Exploit DB Packet Storm
226 7.3 HIGH
Network 		- - A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in free… New CWE-77
Command Injection 		CVE-2024-45257 2026-05-9 03:16 2026-05-8 Show GitHub Exploit DB Packet Storm
227 6.3 MEDIUM
Network 		- - SOPlanning 1.52.00 is vulnerable to SQL Injection by an authenticated user via projets.php with statut[]. New CWE-89
SQL Injection 		CVE-2024-33722 2026-05-9 03:16 2026-05-8 Show GitHub Exploit DB Packet Storm
228 7.3 HIGH
Network 		- - Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login page. New CWE-89
SQL Injection 		CVE-2024-33288 2026-05-9 03:16 2026-05-8 Show GitHub Exploit DB Packet Storm
229 5.3 MEDIUM
Local 		- - In libslic3r/GCode/PostProcessor.cpp in Prusa PrusaSlicer through 2.6.1, a crafted 3mf project file can execute arbitrary code on a host where the project is sliced and G-code exported. New CWE-77
Command Injection 		CVE-2023-47268 2026-05-9 03:16 2026-05-8 Show GitHub Exploit DB Packet Storm
230 - - - Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not ex… New CWE-672
 Operation on a Resource after Expiration or Release 		CVE-2013-10075 2026-05-9 03:16 2026-05-8 Show GitHub Exploit DB Packet Storm