Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 4, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
5111	5.3	警告 Network	Discourse	Discourse	Discourseにおける情報漏えいに関する脆弱性	CWE-200 CWE-noinfo	CVE-2026-34947	2026-04-24 11:44	2026-04-3	Show	GitHub Exploit DB Packet Storm

5112	9.1	緊急 Network	nearform	fast-jwt	nearformのfast-jwtにおける暗号アルゴリズムの使用に関する脆弱性	CWE-327 不完全、または危険な暗号アルゴリズムの使用	CVE-2026-34950	2026-04-24 11:44	2026-04-6	Show	GitHub Exploit DB Packet Storm

5113	4.3	警告 Network	Plunk	Plunk	PlunkにおけるCRLF インジェクションの脆弱性	CWE-93 CRLF インジェクション	CVE-2026-34975	2026-04-24 11:44	2026-04-6	Show	GitHub Exploit DB Packet Storm

5114	10	緊急 Network	dgraph	dgraph	dgraphにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2026-34976	2026-04-24 11:44	2026-04-6	Show	GitHub Exploit DB Packet Storm

5115	8.2	重要 Local	Vim	Vim	VimにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2026-34982	2026-04-24 11:44	2026-04-6	Show	GitHub Exploit DB Packet Storm

5116	6.5	警告 Network	external-secrets	external secrets operator	external-secretsのexternal secrets operatorにおける情報漏えいに関する脆弱性	CWE-200 CWE-noinfo	CVE-2026-34984	2026-04-24 11:44	2026-04-14	Show	GitHub Exploit DB Packet Storm

5117	8.1	重要 Network	jellyfin	jellyfin	jellyfinにおける複数の脆弱性	CWE-73 CWE-918	CVE-2026-35032	2026-04-24 11:44	2026-04-14	Show	GitHub Exploit DB Packet Storm

5118	9.1	緊急 Network	jellyfin	jellyfin	jellyfinにおける複数の脆弱性	CWE-862 CWE-88	CVE-2026-35033	2026-04-24 11:43	2026-04-14	Show	GitHub Exploit DB Packet Storm

5119	9	緊急 Network	Ci4-cms-erp	Ci4MS	Ci4-cms-erpのCi4MSにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-35035	2026-04-24 11:43	2026-04-6	Show	GitHub Exploit DB Packet Storm

5120	7.2	重要 Network	Ech0	Ech0	Ech0におけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-35037	2026-04-24 11:43	2026-04-6	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 4, 2026, 4:17 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
351961	-	iatek	projectapp	Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) searc…	CWE-79 Cross-site Scripting	CVE-2005-4485	2011-09-13 13:00	2005-12-22	Show	GitHub Exploit DB Packet Storm

351962	-	sitekit_solutions	sitekit_cms	Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and…	CWE-79 Cross-site Scripting	CVE-2005-4491	2011-09-13 13:00	2005-12-22	Show	GitHub Exploit DB Packet Storm

351963	-	iisworks	aspknowledgebase	Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrat…	CWE-79 Cross-site Scripting	CVE-2005-4658	2011-09-13 13:00	2005-12-31	Show	GitHub Exploit DB Packet Storm

351964	-	oneplug_solutions	oneplug_cms	Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Servi…	CWE-89 SQL Injection	CVE-2006-0115	2011-09-8 13:00	2006-01-9	Show	GitHub Exploit DB Packet Storm

351965	-	runcms	runcms	Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] pa…	CWE-94 Code Injection	CVE-2006-0659	2011-09-8 13:00	2006-02-13	Show	GitHub Exploit DB Packet Storm

351966	-	runcms	runcms	Successful exploitation requires that both "register_globals" and "allow_url_fopen" are enabled.	CWE-94 Code Injection	CVE-2006-0659	2011-09-8 13:00	2006-02-13	Show	GitHub Exploit DB Packet Storm

351967	-	joomla	joomla	Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors.	CWE-89 SQL Injection	CVE-2006-1049	2011-09-8 13:00	2006-03-7	Show	GitHub Exploit DB Packet Storm

351968	-	papoo	papoo	Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the…	CWE-89 SQL Injection	CVE-2005-4478	2011-09-8 13:00	2005-12-22	Show	GitHub Exploit DB Packet Storm

351969	-	wordpress	wordpress	Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-20…	NVD-CWE-noinfo	CVE-2006-4028	2011-09-1 13:00	2006-08-10	Show	GitHub Exploit DB Packet Storm

351970	-	oaboard	oaboard	PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-00…	CWE-94 Code Injection	CVE-2006-0094	2011-08-23 13:00	2006-01-5	Show	GitHub Exploit DB Packet Storm