Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 13, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
191351 5.8 警告
Network 		シスコシステムズ - Cisco ASR 5000 シリーズルータ用 Cisco StarOS の IPsec コンポーネントにおけるすべてのアクティブな IPsec VPN トンネルを終了される脆弱性 CWE-399
リソース管理の問題 		CVE-2017-3865 2017-07-26 16:55 2017-06-21 Show GitHub Exploit DB Packet Storm
191352 9.8 緊急
Network 		ヒューマックス - Humax Digital HG100 における情報漏えいに関する脆弱性 CWE-200
情報漏えい 		CVE-2017-7317 2017-07-26 16:44 2017-06-29 Show GitHub Exploit DB Packet Storm
191353 6.1 警告
Network 		ヒューマックス - Humax Digital HG100R におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2017-7316 2017-07-26 16:44 2017-06-29 Show GitHub Exploit DB Packet Storm
191354 9.8 緊急
Network 		ヒューマックス - Humax Digital HG100R における情報漏えいに関する脆弱性 CWE-200
情報漏えい 		CVE-2017-7315 2017-07-26 16:44 2017-06-29 Show GitHub Exploit DB Packet Storm
191355 7.8 重要
Local 		XnSoft - Windows 用 XnView Classic におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2017-10774 2017-07-26 16:41 2017-07-5 Show GitHub Exploit DB Packet Storm
191356 7.3 重要
Local 		Nullsoft - Winamp における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2017-10725 2017-07-26 16:39 2017-07-5 Show GitHub Exploit DB Packet Storm
191357 6.1 警告
Network 		IBM - IBM Security Guardium におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2017-1256 2017-07-26 10:21 2017-06-29 Show GitHub Exploit DB Packet Storm
191358 6.1 警告
Network 		IBM - IBM WebSphere Portal におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2017-1217 2017-07-26 10:21 2017-06-27 Show GitHub Exploit DB Packet Storm
191359 9.1 緊急
Network 		Schneider Electric - 複数の Schneider Electric Modicon PLC Modicon ファームウェアにおけるエントロピー不足に関する脆弱性 CWE-331
エントロピー不足 		CVE-2017-6030 2017-07-26 09:59 2017-03-30 Show GitHub Exploit DB Packet Storm
191360 9.8 緊急
Network 		Schneider Electric - Schneider Electric Modicon PLC Modicon M241 および M251 ファームウェアにおける証明書・パスワードの管理に関する脆弱性 CWE-255
証明書・パスワード管理 		CVE-2017-6028 2017-07-26 09:59 2017-03-30 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 13, 2026, 5:05 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
491 3.3 LOW
Local 		- - The automatic folder creation feature of Lhaz and Lhaz+ provided by Chitora soft contains a path traversal vulnerability. When the affected product is configured with the automatic folder creation fe… New CWE-22
Path Traversal 		CVE-2026-41530 2026-05-13 00:10 2026-05-12 Show GitHub Exploit DB Packet Storm
492 7.4 HIGH
Network 		- - "Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow eavesdropping on, or altering, the communication on push notific… New CWE-295
Improper Certificate Validation  		CVE-2026-41872 2026-05-13 00:10 2026-05-12 Show GitHub Exploit DB Packet Storm
493 - - - Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to 1.5.2, an attacker can write a malicious expression using filters that escapes the sandbox t… New CWE-95
Eval Injection 		CVE-2026-44643 2026-05-13 00:09 2026-05-12 Show GitHub Exploit DB Packet Storm
494 - - - Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited… New CWE-1392
 Use of Default Credentials 		CVE-2026-7428 2026-05-13 00:09 2026-05-12 Show GitHub Exploit DB Packet Storm
495 5.3 MEDIUM
Network 		- - webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix r… New CWE-749
 Exposed Dangerous Method or Function 		CVE-2026-6402 2026-05-13 00:08 2026-05-12 Show GitHub Exploit DB Packet Storm
496 7.5 HIGH
Network 		- - multiparty@4.2.3 and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload with a lon… New CWE-1333
 Inefficient Regular Expression Complexity 		CVE-2026-8159 2026-05-13 00:08 2026-05-12 Show GitHub Exploit DB Packet Storm
497 7.5 HIGH
Network 		- - multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a field name that collides with an inherited Object.proto… New CWE-248
CWE-1321
 Uncaught Exception
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2026-8161 2026-05-13 00:08 2026-05-12 Show GitHub Exploit DB Packet Storm
498 7.5 HIGH
Network 		- - multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request with a Content-Disposition header whose filename* parameter co… New CWE-755
 Improper Handling of Exceptional Conditions 		CVE-2026-8162 2026-05-13 00:08 2026-05-12 Show GitHub Exploit DB Packet Storm
499 7.4 HIGH
Network 		- - When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP … New CWE-235
 Improper Handling of Extra Parameters 		CVE-2026-27851 2026-05-13 00:08 2026-05-12 Show GitHub Exploit DB Packet Storm
500 6.8 MEDIUM
Adjacent 		- - Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRAM TLS channel binding. This requires that the attacker is able to position itself between Dovecot and the c… New CWE-99
Resource Injection 		CVE-2026-33603 2026-05-13 00:08 2026-05-12 Show GitHub Exploit DB Packet Storm