Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 5, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
5151 7.8 重要
Local 		マイクロソフト Microsoft Windows Server 2019
Microsoft Windows 10 1607
Microsoft Windows Server 2016
Microsoft Windows 11 23h2
Microsoft … 		WinSock 用 Windows Ancillary Function Driver の特権の昇格の脆弱性 CWE-362
CWE-416
CVE-2026-26168 2026-04-27 10:51 2026-04-14 Show GitHub Exploit DB Packet Storm
5152 6.1 警告
Local 		マイクロソフト Microsoft Windows Server 2019
Microsoft Windows 10 1607
Microsoft Windows Server 2016
Microsoft Windows 11 23h2
Microsoft … 		Windows カーネル メモリの情報漏えいの脆弱性 CWE-126
バッファオーバーリード 		CVE-2026-26169 2026-04-27 10:51 2026-04-14 Show GitHub Exploit DB Packet Storm
5153 7.8 重要
Local 		マイクロソフト Microsoft Windows Server 2019
Microsoft Windows 10 1607
Microsoft Windows Server 2016
Microsoft Windows 11 23h2
Microsoft … 		PowerShell の特権の昇格の脆弱性 CWE-20
不適切な入力確認 		CVE-2026-26170 2026-04-27 10:51 2026-04-14 Show GitHub Exploit DB Packet Storm
5154 7.8 重要
Local 		マイクロソフト Microsoft Windows 11 23h2
Microsoft Windows 11 26h1
Microsoft Windows 10 22h2
Microsoft Windows 10 21h2
Microsoft Windows&… 		Windows プッシュ通知の特権昇格の脆弱性 CWE-362
CWE-416
CVE-2026-26172 2026-04-27 10:51 2026-04-14 Show GitHub Exploit DB Packet Storm
5155 7 重要
Local 		マイクロソフト Microsoft Windows Server 2019
Microsoft Windows 10 1607
Microsoft Windows Server 2016
Microsoft Windows 11 23h2
Microsoft … 		WinSock 用 Windows Ancillary Function Driver の特権の昇格の脆弱性 CWE-362
CWE-416
CWE-476
CVE-2026-26173 2026-04-27 10:51 2026-04-14 Show GitHub Exploit DB Packet Storm
5156 8.2 重要
Network 		FirebirdSQL Firebird FirebirdSQLのFirebirdにおける複数の脆弱性 CWE-119
CWE-787
CVE-2026-27890 2026-04-27 10:51 2026-04-17 Show GitHub Exploit DB Packet Storm
5157 7.5 重要
Network 		FirebirdSQL Firebird FirebirdSQLのFirebirdにおけるNULL ポインタデリファレンスに関する脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2026-28212 2026-04-27 10:51 2026-04-17 Show GitHub Exploit DB Packet Storm
5158 6.5 警告
Network 		FirebirdSQL Firebird FirebirdSQLのFirebirdにおける複数の脆弱性 CWE-190
CWE-835
CVE-2026-28214 2026-04-27 10:51 2026-04-17 Show GitHub Exploit DB Packet Storm
5159 8.2 重要
Network 		FirebirdSQL Firebird FirebirdSQLのFirebirdにおけるNULL ポインタデリファレンスに関する脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2026-28224 2026-04-27 10:51 2026-04-17 Show GitHub Exploit DB Packet Storm
5160 6.5 警告
Network 		TOTOLINK a3300r ファームウェア TOTOLINKのa3300r ファームウェアにおけるコマンドインジェクションの脆弱性 CWE-77
コマンドインジェクション 		CVE-2026-31159 2026-04-27 10:51 2026-04-23 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 5, 2026, 4:11 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
331 9.8 CRITICAL
Network 		- - PDF Signer 3.0 contains a server-side template injection vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting PHP commands through the CSRF-TOKEN cookie paramete… New CWE-352
 Origin Validation Error 		CVE-2019-25729 2026-06-5 00:00 2026-06-4 Show GitHub Exploit DB Packet Storm
332 8.2 HIGH
Network 		- - Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can s… New CWE-89
SQL Injection 		CVE-2019-25730 2026-06-5 00:00 2026-06-4 Show GitHub Exploit DB Packet Storm
333 7.2 HIGH
Network 		- - Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inje… New CWE-79
Cross-site Scripting 		CVE-2019-25731 2026-06-5 00:00 2026-06-4 Show GitHub Exploit DB Packet Storm
334 8.2 HIGH
Network 		- - PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers… New CWE-89
SQL Injection 		CVE-2019-25732 2026-06-5 00:00 2026-06-4 Show GitHub Exploit DB Packet Storm
335 8.4 HIGH
Local 		- - NetShareWatcher 1.5.8.0 contains a structured exception handler buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying malicious input. Attackers can craft a… New CWE-120
Classic Buffer Overflow 		CVE-2019-25733 2026-06-5 00:00 2026-06-4 Show GitHub Exploit DB Packet Storm
336 4.0 MEDIUM
Local 		- - Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanit… New CWE-22
Path Traversal 		CVE-2019-25734 2026-06-5 00:00 2026-06-4 Show GitHub Exploit DB Packet Storm
337 8.4 HIGH
Local 		- - AllPlayer 7.4 contains a local buffer overflow vulnerability in URL handling that allows attackers to overwrite structured exception handling pointers by supplying an excessively long URL string. Att… New CWE-120
Classic Buffer Overflow 		CVE-2019-25735 2026-06-5 00:00 2026-06-4 Show GitHub Exploit DB Packet Storm
338 8.4 HIGH
Local 		- - LabF nfsAxe 3.7 Ping Client contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious payload in the Host IP field. Attackers can craft a… New CWE-120
Classic Buffer Overflow 		CVE-2019-25736 2026-06-5 00:00 2026-06-4 Show GitHub Exploit DB Packet Storm
339 7.2 HIGH
Network 		- - Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit pay… New CWE-79
Cross-site Scripting 		CVE-2019-25737 2026-06-5 00:00 2026-06-4 Show GitHub Exploit DB Packet Storm
340 9.8 CRITICAL
Network 		- - WordPress Hybrid Composer 1.4.6 contains an unauthenticated settings change vulnerability that allows unauthenticated attackers to modify WordPress options by exploiting the hc_ajax_save_option actio… New CWE-306
Missing Authentication for Critical Function 		CVE-2019-25738 2026-06-5 00:00 2026-06-4 Show GitHub Exploit DB Packet Storm