Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 3, 2026, 6:08 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3921	9.8	緊急 Network	Nexxt Solutions	Nebula300Plus Firmware	Nexxt SolutionsのNebula300Plus Firmwareにおける過度な認証試行の不適切な制限に関する脆弱性	CWE-307 過度な認証試行の不適切な制限	CVE-2026-31851	2026-05-1 10:38	2026-03-23	Show	GitHub Exploit DB Packet Storm

3922	6.1	警告 Network	angular	Angular CLI	angularのAngular CLIにおけるオープンリダイレクトの脆弱性	CWE-601 オープンリダイレクト	CVE-2026-33397	2026-05-1 10:38	2026-03-26	Show	GitHub Exploit DB Packet Storm

3923	9.1	緊急 Network	Fatedier	FRP	FatedierのFRPにおける認証に関する脆弱性	CWE-287 CWE-noinfo	CVE-2026-40910	2026-05-1 10:38	2026-04-21	Show	GitHub Exploit DB Packet Storm

3924	8.8	重要 Network	VMware	Spring gRPC	VMwareのSpring gRPCにおける隔離または分類に関する脆弱性	CWE-653 不適切な隔離または分類	CVE-2026-40968	2026-05-1 10:38	2026-04-28	Show	GitHub Exploit DB Packet Storm

3925	5.3	警告 Network	VMware	Spring gRPC	VMwareのSpring gRPCにおけるエラーメッセージによる情報漏えいに関する脆弱性	CWE-209 エラーメッセージによる情報漏えい	CVE-2026-40969	2026-05-1 10:38	2026-04-28	Show	GitHub Exploit DB Packet Storm

3926	7.5	重要 Network	Frappe	Press	FrappeのPressにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2026-41317	2026-05-1 10:38	2026-04-24	Show	GitHub Exploit DB Packet Storm

3927	6.1	警告 Network	Frappe	Press	FrappeのPressにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-41430	2026-05-1 10:38	2026-04-24	Show	GitHub Exploit DB Packet Storm

3928	8.8	重要 Network	D-Link Systems, Inc.	DHP-1320 Firmware	D-Link CorporationのDHP-1320 Firmwareにおける複数の脆弱性	CWE-119 CWE-121	CVE-2026-4529	2026-05-1 10:38	2026-03-21	Show	GitHub Exploit DB Packet Storm

3929	7	重要 Local	flos-freeware (Florian Balmer)	Notepad2	flos-freeware (Florian Balmer)のNotepad2における複数の脆弱性	CWE-426 CWE-427	CVE-2026-4545	2026-05-1 10:38	2026-03-22	Show	GitHub Exploit DB Packet Storm

3930	7	重要 Local	flos-freeware (Florian Balmer)	Notepad2	flos-freeware (Florian Balmer)のNotepad2における複数の脆弱性	CWE-426 CWE-427	CVE-2026-4546	2026-05-1 10:38	2026-03-22	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 4, 2026, 4:17 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1911	6.3	MEDIUM Network	-	-	A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can …	CWE-266 CWE-284 Incorrect Privilege Assignment Improper Access Control	CVE-2026-9581	2026-05-28 23:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

1912	7.5	HIGH Network	archive\	\	Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar() reads each entry's payload with $handle->read($$data, $block), …	CWE-789 Memory Allocation with Excessive Size Value	CVE-2026-9538	2026-05-28 23:16	2026-05-26	Show	GitHub Exploit DB Packet Storm

1913	7.5	HIGH Network	-	-	The InputFilter::getInstance() method omitted a security sensitive parameter from the instance cache key.	CWE-524 Use of Cache Containing Sensitive Information	CVE-2026-48901	2026-05-28 23:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

1914	7.8	HIGH Local	-	-	A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker ca…	CWE-787 Out-of-bounds Write	CVE-2026-48864	2026-05-28 23:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

1915	7.7	HIGH Network	-	-	Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrations/rest.ts) follows HTTP redirects without re-checking the IP blacklist, …	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-45715	2026-05-28 23:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

1916	10.0	CRITICAL Network	-	-	Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by de…	CWE-15 CWE-78 CWE-306 External Control of System or Configuration Setting OS Command Missing Authentication for Critical Function	CVE-2026-45087	2026-05-28 23:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

1917	5.0	MEDIUM Network	-	-	Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ${{ github.event.pull_request.title }} directly inside double-quoted bash strings in four separate …	CWE-78 CWE-1336 OS Command Improper Neutralization of Special Elements Used in a Template Engine	CVE-2026-44723	2026-05-28 23:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

1918	7.9	HIGH Local	-	-	pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption…	CWE-59 CWE-287 Link Following Improper Authentication	CVE-2026-44711	2026-05-28 23:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

1919	7.5	HIGH Network	archive\	\	Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. _make_special_file() passes the tar header's linkname to link() without va…	CWE-59 CWE-732 Link Following Incorrect Permission Assignment for Critical Resource	CVE-2026-42497	2026-05-28 23:16	2026-05-26	Show	GitHub Exploit DB Packet Storm

1920	9.1	CRITICAL Network	archive\	\	Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() with…	CWE-59 Link Following	CVE-2026-42496	2026-05-28 23:16	2026-05-26	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed