Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 4, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3941	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	CX12L Pro Firmware	Shenzhen Tenda Technology Co.,Ltd.のCX12L Pro Firmwareにおける複数の脆弱性	CWE-119 CWE-121	CVE-2026-5686	2026-05-1 10:38	2026-04-6	Show	GitHub Exploit DB Packet Storm

3942	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	CX12L Pro Firmware	Shenzhen Tenda Technology Co.,Ltd.のCX12L Pro Firmwareにおける複数の脆弱性	CWE-119 CWE-121	CVE-2026-5687	2026-05-1 10:38	2026-04-6	Show	GitHub Exploit DB Packet Storm

3943	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	F456 Firmware	Shenzhen Tenda Technology Co.,Ltd.のF456 Firmwareにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7019	2026-05-1 10:38	2026-04-26	Show	GitHub Exploit DB Packet Storm

3944	4.8	警告 Network	D-Link Systems, Inc.	DGS-3420-28TC Firmware	D-Link CorporationのDGS-3420-28TC Firmwareにおける複数の脆弱性	CWE-79 CWE-94	CVE-2026-7026	2026-05-1 10:37	2026-04-26	Show	GitHub Exploit DB Packet Storm

3945	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	F456 Firmware	Shenzhen Tenda Technology Co.,Ltd.のF456 Firmwareにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7029	2026-05-1 10:37	2026-04-26	Show	GitHub Exploit DB Packet Storm

3946	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	F456 Firmware	Shenzhen Tenda Technology Co.,Ltd.のF456 Firmwareにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7030	2026-05-1 10:37	2026-04-26	Show	GitHub Exploit DB Packet Storm

3947	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	F456 Firmware	Shenzhen Tenda Technology Co.,Ltd.のF456 Firmwareにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7031	2026-05-1 10:37	2026-04-26	Show	GitHub Exploit DB Packet Storm

3948	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	F456 Firmware	Shenzhen Tenda Technology Co.,Ltd.のF456 Firmwareにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7032	2026-05-1 10:37	2026-04-26	Show	GitHub Exploit DB Packet Storm

3949	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	F456 Firmware	Shenzhen Tenda Technology Co.,Ltd.のF456 Firmwareにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7033	2026-05-1 10:37	2026-04-26	Show	GitHub Exploit DB Packet Storm

3950	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	F456 Firmware	Shenzhen Tenda Technology Co.,Ltd.のF456 Firmwareにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7053	2026-05-1 10:37	2026-04-26	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 5, 2026, 4:11 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2131	8.8	HIGH Local	-	-	pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/tmux.c reads the user's $TMUX environment variable, splits it on commas, and interpolates the so…	CWE-78 CWE-116 OS Command Improper Encoding or Escaping of Output	CVE-2026-44713	2026-05-28 22:57	2026-05-28	Show	GitHub Exploit DB Packet Storm

2132	7.4	HIGH Network	-	-	pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb's deny_remote feature checks utmpx ut_addr_v6 to detect whether an authentication request o…	CWE-284 Improper Access Control	CVE-2026-47269	2026-05-28 22:57	2026-05-28	Show	GitHub Exploit DB Packet Storm

2133	6.3	MEDIUM Local	-	-	pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb is a PAM module loaded into the host process (sudo, login, GDM, GNOME Shell). Display manage…	CWE-362 Race Condition	CVE-2026-47270	2026-05-28 22:57	2026-05-28	Show	GitHub Exploit DB Packet Storm

2134	6.1	MEDIUM Network	apache	echarts	A cross-site scripting (XSS) vulnerability exists in Apache ECharts in the Lines series tooltip rendering logic. This issue affects Apache ECharts: from before 6.1.0. In versions prior to 6.1.0,…	CWE-79 Cross-site Scripting	CVE-2026-45249	2026-05-28 22:48	2026-05-25	Show	GitHub Exploit DB Packet Storm

2135	6.5	MEDIUM Network	apache	shiro	Default configurations of Apache Shiro have a session fixation vulnerability. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommended to upgrade to version 2.1.1…	CWE-384 Session Fixation	CVE-2026-43827	2026-05-28 22:47	2026-05-26	Show	GitHub Exploit DB Packet Storm

2136	6.5	MEDIUM Network	apache	shiro	Default configurations of Apache Shiro send sensitive cookies in HTTPS session without 'Secure' attribute. This issue affects Apache Shiro from 1.0 to 2.1.0, and 3.0.0-alpha-1. Users are recommen…	CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute	CVE-2026-43828	2026-05-28 22:45	2026-05-26	Show	GitHub Exploit DB Packet Storm

2137	4.3	MEDIUM Network	-	-	The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_…	CWE-862 Missing Authorization	CVE-2026-4888	2026-05-28 22:45	2026-05-28	Show	GitHub Exploit DB Packet Storm

2138	4.3	MEDIUM Network	-	-	The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.16 via the action_get_event_data due to …	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-9228	2026-05-28 22:45	2026-05-28	Show	GitHub Exploit DB Packet Storm

2139	4.3	MEDIUM Network	-	-	The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.7. This is due to missing nonce verification in the `handle_oauth…	CWE-352 Origin Validation Error	CVE-2026-7533	2026-05-28 22:45	2026-05-28	Show	GitHub Exploit DB Packet Storm

2140	6.4	MEDIUM Network	-	-	The LiveSmart Video Chat Live Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'livesmart_widget' shortcode in all versions up to, and including, 1.2 due …	CWE-79 Cross-site Scripting	CVE-2026-9644	2026-05-28 22:45	2026-05-28	Show	GitHub Exploit DB Packet Storm