Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 11, 2026, 6:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3791	9.8	緊急 Network	D-Link Systems, Inc.	DIR-823X ファームウェア	D-Link CorporationのDIR-823X ファームウェアにおける複数の脆弱性	CWE-74 CWE-77 CWE-77	CVE-2026-1125	2026-02-2 19:38	2026-01-18	Show	GitHub Exploit DB Packet Storm

3792	8.8	重要 Network	TOTOLINK	a3700r ファームウェア	TOTOLINKのa3700r ファームウェアにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-1143	2026-02-2 19:38	2026-01-19	Show	GitHub Exploit DB Packet Storm

3793	8.8	重要 Network	QuickJS: The Next Generation	QuickJS	QuickJS: The Next GenerationのQuickJSにおける複数の脆弱性	CWE-119 CWE-416	CVE-2026-1144	2026-02-2 19:38	2026-01-19	Show	GitHub Exploit DB Packet Storm

3794	8.8	重要 Network	QuickJS: The Next Generation	QuickJS	QuickJS: The Next GenerationのQuickJSにおける複数の脆弱性	CWE-119 CWE-122	CVE-2026-1145	2026-02-2 19:38	2026-01-19	Show	GitHub Exploit DB Packet Storm

3795	5.4	警告 Network	Patrick Mvuma	Patients Waiting Area Queue Management System	Patrick MvumaのPatients Waiting Area Queue Management Systemにおける複数の脆弱性	CWE-79 CWE-94	CVE-2026-1146	2026-02-2 19:38	2026-01-19	Show	GitHub Exploit DB Packet Storm

3796	5.4	警告 Network	Patrick Mvuma	Patients Waiting Area Queue Management System	Patrick MvumaのPatients Waiting Area Queue Management Systemにおける複数の脆弱性	CWE-79 CWE-94	CVE-2026-1147	2026-02-2 19:38	2026-01-19	Show	GitHub Exploit DB Packet Storm

3797	6.5	警告 Network	Patrick Mvuma	Patients Waiting Area Queue Management System	Patrick MvumaのPatients Waiting Area Queue Management Systemにおける複数の脆弱性	CWE-352 CWE-862	CVE-2026-1148	2026-02-2 19:38	2026-01-19	Show	GitHub Exploit DB Packet Storm

3798	8.8	重要 Network	TOTOLINK	lr350 ファームウェア	TOTOLINKのlr350 ファームウェアにおける複数の脆弱性	CWE-74 CWE-77	CVE-2026-1149	2026-02-2 19:38	2026-01-19	Show	GitHub Exploit DB Packet Storm

3799	8.8	重要 Network	TOTOLINK	lr350 ファームウェア	TOTOLINKのlr350 ファームウェアにおける複数の脆弱性	CWE-74 CWE-77	CVE-2026-1150	2026-02-2 19:38	2026-01-19	Show	GitHub Exploit DB Packet Storm

3800	8.8	重要 Network	TOTOLINK	lr350 ファームウェア	TOTOLINKのlr350 ファームウェアにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-1155	2026-02-2 19:38	2026-01-19	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 11, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1	6.5	MEDIUM Local	-	-	Kdenlive before 26.04.1 allows dangerous proxy parameters when an attacker-controlled project file is used. New	CWE-829 Inclusion of Functionality from Untrusted Control Sphere	CVE-2026-45184	2026-05-11 03:16	2026-05-10	Show	GitHub Exploit DB Packet Storm

2	6.5	MEDIUM Network	-	-	Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request Forgery. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2. Update	CWE-352 Origin Validation Error	CVE-2026-5791	2026-05-11 01:16	2026-05-7	Show	GitHub Exploit DB Packet Storm

3	8.8	HIGH Network	apache	cloudstack	Account users are allowed by default to register templates to be downloaded directly to the primary storage for deploying instances using the KVM hypervisor. Due to missing file name sanitization, an… New	CWE-94 Code Injection	CVE-2026-25077	2026-05-11 00:16	2026-05-8	Show	GitHub Exploit DB Packet Storm

4	8.1	HIGH Network	-	-	The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is e… New	CWE-359 Exposure of Private Personal Information to an Unauthorized Actor	CVE-2025-66172	2026-05-11 00:16	2026-05-8	Show	GitHub Exploit DB Packet Storm

5	4.3	MEDIUM Network	google	chrome	Insufficient data validation in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security sev… Update	NVD-CWE-noinfo CWE-20 Improper Input Validation	CVE-2026-7915	2026-05-10 23:16	2026-05-7	Show	GitHub Exploit DB Packet Storm

6	8.8	HIGH Network	google	chrome	Out of bounds memory access in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi… Update	CWE-787 CWE-125 Out-of-bounds Write Out-of-bounds Read	CVE-2026-7902	2026-05-10 23:16	2026-05-7	Show	GitHub Exploit DB Packet Storm

7	5.4	MEDIUM Network	-	-	WordPress Plugin AAWP 3.16 contains a reflected cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the tab parameter. Attackers can cra… New	CWE-79 Cross-site Scripting	CVE-2022-50970	2026-05-10 22:16	2026-05-10	Show	GitHub Exploit DB Packet Storm

8	6.1	MEDIUM Network	-	-	uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functi… New	CWE-79 Cross-site Scripting	CVE-2022-50969	2026-05-10 22:16	2026-05-10	Show	GitHub Exploit DB Packet Storm

9	6.1	MEDIUM Network	-	-	uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality ar… New	CWE-79 Cross-site Scripting	CVE-2022-50968	2026-05-10 22:16	2026-05-10	Show	GitHub Exploit DB Packet Storm

10	6.1	MEDIUM Network	-	-	uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date_created, date_from, date_to, and created_at parameters in the filter functionality are… New	CWE-79 Cross-site Scripting	CVE-2022-50967	2026-05-10 22:16	2026-05-10	Show	GitHub Exploit DB Packet Storm