Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 18, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
190851	8.1	重要 Network	heinekingmedia GmbH	-	heinekingmedia StashCat における認可・権限・アクセス制御に関する脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2017-11130	2017-09-1 11:46	2017-07-31	Show	GitHub Exploit DB Packet Storm

190852	9.8	緊急 Network	heinekingmedia GmbH	-	heinekingmedia StashCat におけるハードコードされた認証情報の使用に関する脆弱性	CWE-798 ハードコードされた認証情報の使用	CVE-2017-11129	2017-09-1 11:46	2017-07-31	Show	GitHub Exploit DB Packet Storm

190853	9.8	緊急 Network	トレンドマイクロ	-	Trend Micro Deep Discovery Director におけるハードコードされた認証情報の使用に関する脆弱性	CWE-798 ハードコードされた認証情報の使用	CVE-2017-11380	2017-09-1 11:43	2017-07-12	Show	GitHub Exploit DB Packet Storm

190854	7.5	重要 Network	トレンドマイクロ	-	Trend Micro Deep Discovery Director におけるデータの信頼性についての不十分な検証に関する脆弱性	CWE-345 データの信頼性についての不十分な検証	CVE-2017-11379	2017-09-1 11:43	2017-07-12	Show	GitHub Exploit DB Packet Storm

190855	6.1	警告 Network	Trello, Inc.	-	iOS 用 Trello アプリケーションにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-9244	2017-09-1 11:19	2017-07-12	Show	GitHub Exploit DB Packet Storm

190856	9.8	緊急 Network	UNIT4	-	Unit4 Polska TETA Web におけるセッションの固定化の脆弱性	CWE-384 セッションの固定化	CVE-2015-1174	2017-09-1 11:19	2015-01-8	Show	GitHub Exploit DB Packet Storm

190857	7.8	重要 Local	GNU Project	-	GNU Binutils における境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2017-12459	2017-09-1 10:49	2017-07-27	Show	GitHub Exploit DB Packet Storm

190858	7.8	重要 Local	GNU Project	-	GNU Binutils における境界外読み取りに関する脆弱性	CWE-125 境界外読み取り	CVE-2017-12458	2017-09-1 10:49	2017-07-27	Show	GitHub Exploit DB Packet Storm

190859	7.8	重要 Local	GNU Project	-	GNU Binutils における NULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2017-12457	2017-09-1 10:49	2017-07-27	Show	GitHub Exploit DB Packet Storm

190860	7.8	重要 Local	GNU Project	-	GNU Binutils における境界外読み取りに関する脆弱性	CWE-125 境界外読み取り	CVE-2017-12456	2017-09-1 10:49	2017-07-24	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 19, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
41	8.8	HIGH Network	-	-	ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection. New	CWE-77 Command Injection	CVE-2025-57282	2026-05-19 03:17	2026-05-19	Show	GitHub Exploit DB Packet Storm

42	7.5	HIGH Network	-	-	In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length C… New	CWE-400 Uncontrolled Resource Consumption	CVE-2025-56352	2026-05-19 03:17	2026-05-19	Show	GitHub Exploit DB Packet Storm

43	-		-	-	Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request. New	-	CVE-2023-24215	2026-05-19 03:17	2026-05-19	Show	GitHub Exploit DB Packet Storm

44	8.6	HIGH Network	lfprojects	mlflow	A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) an… New	CWE-305 Authentication Bypass by Primary Weakness	CVE-2026-2652	2026-05-19 03:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

45	7.0	HIGH Local	vmware	fusion	VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges… New	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-41702	2026-05-19 03:15	2026-05-15	Show	GitHub Exploit DB Packet Storm

46	5.3	MEDIUM Local	tonyc	imager\	Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer G… New	CWE-787 Out-of-bounds Write	CVE-2026-8454	2026-05-19 03:12	2026-05-15	Show	GitHub Exploit DB Packet Storm

47	7.1	HIGH Local	netty	netty	Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder (RedisEncoder) writes user-controlled string content direc… Update	CWE-93 CRLF Injection	CVE-2026-42586	2026-05-19 03:02	2026-05-14	Show	GitHub Exploit DB Packet Storm

48	3.6	LOW Local	-	-	Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-lik… New	CWE-78 CWE-88 OS Command Argument Injection	CVE-2026-46483	2026-05-19 02:52	2026-05-16	Show	GitHub Exploit DB Packet Storm

49	8.8	HIGH Network	-	-	Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored… New	CWE-79 Cross-site Scripting	CVE-2026-7498	2026-05-19 02:51	2026-05-18	Show	GitHub Exploit DB Packet Storm

50	6.3	MEDIUM Network	-	-	A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.ph… New	CWE-74 CWE-77 Injection Command Injection	CVE-2026-8753	2026-05-19 02:51	2026-05-17	Show	GitHub Exploit DB Packet Storm