Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 10, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
5321 8.2 重要
Network 		UltraDAG UltraDAG UltraDAGにおける複数の脆弱性 CWE-460
CWE-696
CVE-2026-40583 2026-04-30 12:13 2026-04-21 Show GitHub Exploit DB Packet Storm
5322 7.5 重要
Network 		RansomLook RansomLook RansomLookにおける情報漏えいに関する脆弱性 CWE-200
情報漏えい 		CVE-2026-40584 2026-04-30 12:13 2026-04-21 Show GitHub Exploit DB Packet Storm
5323 5.6 警告
Local 		Home Assistant Ecosystem Home Assistant Command-line Interface (hass-cli) Home Assistant EcosystemのHome Assistant Command-line Interface (hass-cli)における複数の脆弱性 CWE-1336
CWE-94
CVE-2026-40602 2026-04-30 12:13 2026-04-21 Show GitHub Exploit DB Packet Storm
5324 5.5 警告
Local 		Dayuan Jiang (DayuanJiang) Next AI Draw.io Dayuan Jiang (DayuanJiang)のNext AI Draw.ioにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性 CWE-770
制限またはスロットリング無しのリソースの割り当て 		CVE-2026-40608 2026-04-30 12:12 2026-04-21 Show GitHub Exploit DB Packet Storm
5325 8.1 重要
Network 		Zcash Foundation Zebra-consensus
Zebrad 		Zcash FoundationのZebra-consensus等の複数製品における誤った要素を使用した比較に関する脆弱性 CWE-1025
誤った要素を使用した比較 		CVE-2026-40880 2026-04-30 12:12 2026-04-21 Show GitHub Exploit DB Packet Storm
5326 7.5 重要
Network 		Zcash Foundation zebra-network
Zebrad 		Zcash Foundationのzebra-network等の複数製品における制限またはスロットリング無しのリソースの割り当てに関する脆弱性 CWE-770
制限またはスロットリング無しのリソースの割り当て 		CVE-2026-40881 2026-04-30 12:12 2026-04-21 Show GitHub Exploit DB Packet Storm
5327 6.5 警告
Network 		Frappe Frappe HR FrappeのFrappe HRにおけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2026-40888 2026-04-30 12:12 2026-04-21 Show GitHub Exploit DB Packet Storm
5328 6.5 警告
Network 		Frappe Frappe HR FrappeのFrappe HRにおけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2026-40889 2026-04-30 12:12 2026-04-21 Show GitHub Exploit DB Packet Storm
5329 8.8 重要
Network 		Jos de Jong math.js Math.jsにおける動的に決定されたオブジェクト属性の不適切に制御された変更に関する脆弱性 CWE-915
動的に決定されたオブジェクト属性の不適切に制御された変更 		CVE-2026-40897 2026-04-30 12:12 2026-04-24 Show GitHub Exploit DB Packet Storm
5330 8.8 重要
Network 		Paperclip paperclipai PaperclipのpaperclipaiにおけるOS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2026-41208 2026-04-30 12:12 2026-04-23 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 10, 2026, 5 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
347631 - alex news-engine SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter. NVD-CWE-Other
CVE-2006-2879 2017-07-20 10:31 2006-06-7 Show GitHub Exploit DB Packet Storm
347632 - pyblosxom pyblosxom Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) … NVD-CWE-Other
CVE-2006-2880 2017-07-20 10:31 2006-06-7 Show GitHub Exploit DB Packet Storm
347633 - pyblosxom pyblosxom This vulnerability is present only in the Contributed Packages of this product. NVD-CWE-Other
CVE-2006-2880 2017-07-20 10:31 2006-06-7 Show GitHub Exploit DB Packet Storm
347634 - knowledgetree knowledgetree Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in v… NVD-CWE-Other
CVE-2006-2885 2017-07-20 10:31 2006-06-7 Show GitHub Exploit DB Packet Storm
347635 - jam_warehouse knowledgetree_open_source view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting erro… NVD-CWE-Other
CVE-2006-2886 2017-07-20 10:31 2006-06-7 Show GitHub Exploit DB Packet Storm
347636 - mediawiki mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form. NVD-CWE-Other
CVE-2006-2895 2017-07-20 10:31 2006-06-7 Show GitHub Exploit DB Packet Storm
347637 - funkboard funkboard Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors. NVD-CWE-Other
CVE-2006-2897 2017-07-20 10:31 2006-06-7 Show GitHub Exploit DB Packet Storm
347638 - cowon_america jetaudio Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other versions, allows user-assisted attackers to execute arbitrary code via an audio file (such as WMA) with long ID Tag values including… NVD-CWE-Other
CVE-2006-2910 2017-07-20 10:31 2006-07-6 Show GitHub Exploit DB Packet Storm
347639 - out_of_the_trees_web_design selectapix Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows remote attackers to inject arbitrary web script or HTML via the albumID parameter to (1) popup.php and (2) view_album.php. NVD-CWE-Other
CVE-2006-2913 2017-07-20 10:31 2006-06-9 Show GitHub Exploit DB Packet Storm
347640 - cmpro_team clan_manager_pro PHP remote file inclusion vulnerability in cmpro_header.inc.php in Clan Manager Pro (CMPRO) 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code vi… NVD-CWE-Other
CVE-2006-2921 2017-07-20 10:31 2006-06-9 Show GitHub Exploit DB Packet Storm