Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 27, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
190211	7.8	重要 Local	STDUtility	-	STDU Viewer におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2017-14293	2017-10-2 17:04	2017-09-11	Show	GitHub Exploit DB Packet Storm

190212	7.8	重要 Local	STDUtility	-	STDU Viewer におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2017-14292	2017-10-2 17:04	2017-09-11	Show	GitHub Exploit DB Packet Storm

190213	7.8	重要 Local	STDUtility	-	STDU Viewer におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2017-14291	2017-10-2 17:04	2017-09-11	Show	GitHub Exploit DB Packet Storm

190214	7.8	重要 Local	STDUtility	-	STDU Viewer におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2017-14290	2017-10-2 17:04	2017-09-11	Show	GitHub Exploit DB Packet Storm

190215	7.8	重要 Local	STDUtility	-	STDU Viewer におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2017-14289	2017-10-2 17:04	2017-09-11	Show	GitHub Exploit DB Packet Storm

190216	7.8	重要 Local	STDUtility	-	STDU Viewer におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2017-14288	2017-10-2 17:04	2017-09-11	Show	GitHub Exploit DB Packet Storm

190217	7.8	重要 Local	STDUtility	-	STDU Viewer におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2017-14287	2017-10-2 17:04	2017-09-11	Show	GitHub Exploit DB Packet Storm

190218	7.8	重要 Local	STDUtility	-	STDU Viewer におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2017-14286	2017-10-2 17:04	2017-09-11	Show	GitHub Exploit DB Packet Storm

190219	7.8	重要 Local	ATM Mobilis	-	ZTE Datacard における信頼性のない検索パスに関する脆弱性	CWE-426 信頼性のない検索パス	CVE-2015-0974	2017-10-2 17:00	2015-01-1	Show	GitHub Exploit DB Packet Storm

190220	5.4	警告 Network	Centreon	-	Centreon におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-7672	2017-10-2 16:57	2015-09-17	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 28, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
21	9.0	CRITICAL Network	-	-	Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-… New	CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-48150	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

22	8.1	HIGH Network	-	-	Budibase is an open-source low-code platform. Prior to 3.39.0, the Budibase Text component renders markdown by assigning marked.parse(markdown) straight to innerHTML with no sanitizer (packages/bbui/… New	CWE-79 Cross-site Scripting	CVE-2026-48149	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

23	-		-	-	Budibase is an open-source low-code platform. Prior to 3.35.3, the VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reser… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-48148	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

24	6.5	MEDIUM Network	-	-	Budibase is an open-source low-code platform. Prior to 3.35.4, the buildMatcherRegex() / matches() functions in packages/backend-core/src/middleware/matchers.ts route patterns are compiled into unanc… New	CWE-185 CWE-352 Incorrect Regular Expression Origin Validation Error	CVE-2026-48147	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

25	7.7	HIGH Network	-	-	Budibase is an open-source low-code platform. Prior to 3.39.0, the OAuth2 token fetch function in packages/server/src/sdk/workspace/oauth2/utils.ts uses raw fetch(config.url) with no SSRF protection.… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-48146	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

26	-		-	-	Budibase is an open-source low-code platform. Prior to 3.39.0, the executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-48128	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

27	7.7	HIGH Network	-	-	Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is D… New	CWE-200 Information Exposure	CVE-2026-46427	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

28	7.6	HIGH Network	-	-	Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks … New	CWE-79 CWE-434 Cross-site Scripting Unrestricted Upload of File with Dangerous Type	CVE-2026-46426	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

29	9.9	CRITICAL Network	-	-	Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM (checks the Enterprise featu… New	CWE-862 Missing Authorization	CVE-2026-46425	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

30	4.2	MEDIUM Network	-	-	Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint (POST /api/public/v1/roles/unassign) updates user documents in CouchDB but does not invalidate… New	CWE-269 Improper Privilege Management	CVE-2026-46424	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm