Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 18, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
1361 7.5 重要
Network 		pdfmake project pdfmake pdfmakeにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2026-26801 2026-05-11 11:02 2026-03-10 Show GitHub Exploit DB Packet Storm
1362 7.8 重要
Local 		Luis Novo (lfnovo) Open Notebook Luis Novo (lfnovo)のOpen Notebookにおける複数の脆弱性 CWE-20
CWE-352
CWE-917
CWE-noinfo
CVE-2026-28201 2026-05-11 11:02 2026-05-7 Show GitHub Exploit DB Packet Storm
1363 9.8 緊急
Network 		Xiaomi MIUI File Explorer XiaomiのMIUI File Explorerにおける複数の脆弱性 CWE-303
CWE-862
CVE-2026-29515 2026-05-11 11:02 2026-03-11 Show GitHub Exploit DB Packet Storm
1364 6.1 警告
Network 		WorkflowFirst Software LLC Staff.Wiki WorkflowFirst Software LLCのStaff.Wikiにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-29969 2026-05-11 11:02 2026-03-26 Show GitHub Exploit DB Packet Storm
1365 5.4 警告
Network 		spomky-labs webauthn-lib
webauthn-symfony-bundle
webauthn framwork 		spomky-labsのwebauthn-lib等の複数製品における同一生成元ポリシー違反に関する脆弱性 CWE-346
同一生成元ポリシー違反 		CVE-2026-30964 2026-05-11 11:02 2026-03-10 Show GitHub Exploit DB Packet Storm
1366 6.5 警告
Network 		appium Appium/support appiumのAppium/supportにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2026-30973 2026-05-11 11:02 2026-03-10 Show GitHub Exploit DB Packet Storm
1367 8.8 重要
Network 		マイクロソフト Microsoft Windows Server 2025
Microsoft Windows Server 2022
Microsoft Windows 11 24h2
Microsoft Windows 11 25h2
Microsoft … 		リモート デスクトップ クライアントのリモートでコードが実行される脆弱性 CWE-416
解放済みメモリの使用 		CVE-2026-32157 2026-05-11 11:02 2026-04-14 Show GitHub Exploit DB Packet Storm
1368 10 緊急
Network 		Luis Novo (lfnovo) Open Notebook Luis Novo (lfnovo)のOpen Notebookにおける入力確認に関する脆弱性 CWE-20
CWE-noinfo
CVE-2026-33587 2026-05-11 11:02 2026-05-7 Show GitHub Exploit DB Packet Storm
1369 8.1 重要
Network 		Luis Novo (lfnovo) Open Notebook Luis Novo (lfnovo)のOpen Notebookにおける入力確認に関する脆弱性 CWE-20
CWE-noinfo
CVE-2026-33588 2026-05-11 11:02 2026-05-7 Show GitHub Exploit DB Packet Storm
1370 6.5 警告
Network 		Luis Novo (lfnovo) Open Notebook Luis Novo (lfnovo)のOpen Notebookにおける入力確認に関する脆弱性 CWE-20
CWE-noinfo
CVE-2026-33589 2026-05-11 11:02 2026-05-7 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1641 6.3 MEDIUM
Network 		- - The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This… CWE-281
 Improper Preservation of Permissions 		CVE-2025-8325 2026-05-14 00:25 2026-05-11 Show GitHub Exploit DB Packet Storm
1642 8.6 HIGH
Network 		- - The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerabilit… CWE-400
 Uncontrolled Resource Consumption 		CVE-2025-10470 2026-05-14 00:25 2026-05-11 Show GitHub Exploit DB Packet Storm
1643 6.4 MEDIUM
Adjacent 		- - Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended organizations.… CWE-284
CWE-863
Improper Access Control
 Incorrect Authorization 		CVE-2025-9973 2026-05-14 00:25 2026-05-11 Show GitHub Exploit DB Packet Storm
1644 6.1 MEDIUM
Local 		- - Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the d… CWE-674
 Uncontrolled Recursion 		CVE-2026-1681 2026-05-14 00:25 2026-05-12 Show GitHub Exploit DB Packet Storm
1645 8.3 HIGH
Network 		- - Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/use… CWE-269
 Improper Privilege Management 		CVE-2026-42562 2026-05-14 00:23 2026-05-10 Show GitHub Exploit DB Packet Storm
1646 - - - Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2, there is a a privilege escal… CWE-863
 Incorrect Authorization 		CVE-2026-42571 2026-05-14 00:23 2026-05-10 Show GitHub Exploit DB Packet Storm
1647 7.5 HIGH
Network 		- - apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target poi… CWE-22
CWE-59
Path Traversal
Link Following 		CVE-2026-42574 2026-05-14 00:23 2026-05-10 Show GitHub Exploit DB Packet Storm
1648 7.5 HIGH
Network 		- - apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the signature on APKINDEX.tar.gz but never compares individually downloaded … CWE-345
CWE-494
 Insufficient Verification of Data Authenticity
 Download of Code Without Integrity Check 		CVE-2026-42575 2026-05-14 00:23 2026-05-10 Show GitHub Exploit DB Packet Storm
1649 6.5 MEDIUM
Network 		- - apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as *r… CWE-704
 Incorrect Type Conversion or Cast 		CVE-2026-42576 2026-05-14 00:23 2026-05-10 Show GitHub Exploit DB Packet Storm
1650 7.5 HIGH
Network 		golang go The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0). CWE-476
 NULL Pointer Dereference 		CVE-2026-39836 2026-05-14 00:11 2026-05-8 Show GitHub Exploit DB Packet Storm