Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 11, 2026, 6:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
191361	7.5	重要 Network	Elasticsearch	-	Logstash における情報漏えいに関する脆弱性	CWE-200 情報漏えい	CVE-2016-1000221	2017-07-19 11:43	2016-07-7	Show	GitHub Exploit DB Packet Storm

191362	-	-	日立	-	Hitachi Automation Director および Hitachi Infrastructure Analytics Advisor における複数の脆弱性	CWE-noinfo 情報不足	-	2017-07-19 11:33	2017-07-18	Show	GitHub Exploit DB Packet Storm

191363	6.5	警告 Network	マイクロソフト	-	Microsoft Windows 10 および Windows Server 2016 の Microsoft Edge における悪意のあるコンテンツを含む Web ページを読み込まれる脆弱性	CWE-254 セキュリティ機能	CVE-2017-8599	2017-07-18 18:24	2017-07-11	Show	GitHub Exploit DB Packet Storm

191364	7.5	重要 Network	マイクロソフト	-	Microsoft Internet Explorer 11 における現在のユーザのコンテキストで任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2017-8594	2017-07-18 18:24	2017-07-11	Show	GitHub Exploit DB Packet Storm

191365	8.8	重要 Local	マイクロソフト	-	複数の Microsoft Windows 製品における権限を昇格される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2017-8590	2017-07-18 18:23	2017-07-11	Show	GitHub Exploit DB Packet Storm

191366	7.5	重要 Network	レッドハット	-	NetKVM Windows Virtio ドライバにおけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2015-3215	2017-07-18 18:16	2015-06-3	Show	GitHub Exploit DB Packet Storm

191367	4.7	警告 Local	レッドハット	-	自動バグ報告ツールの kernel-invoked coredump プロセッサにおける重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2015-3142	2017-07-18 18:16	2015-06-9	Show	GitHub Exploit DB Packet Storm

191368	5.5	警告 Local	レッドハット	-	自動バグ報告ツールのイベントスクリプトにおける /var/log/messages から重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2015-1870	2017-07-18 18:16	2015-06-9	Show	GitHub Exploit DB Packet Storm

191369	7.8	重要 Local	Synology Inc.	-	Synology Photo Station の認証における資格情報を取得される脆弱性	CWE-287 不適切な認証	CVE-2017-9552	2017-07-18 18:07	2017-06-13	Show	GitHub Exploit DB Packet Storm

191370	6.1	警告 Network	Ruby-lang.org	-	Ruby の Net::SMTP における SMTP コマンドインジェクションの脆弱性	CWE-93 CRLF インジェクション	CVE-2015-9096	2017-07-18 18:03	2015-12-11	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 12, 2026, 5:06 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
71	8.3	HIGH Network	-	-	pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates … New	CWE-441 CWE-863 CWE-918 Confused Deputy Incorrect Authorization Server-Side Request Forgery (SSRF)	CVE-2026-42313	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

72	6.8	MEDIUM Network	-	-	pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the set_config_value() API method (@permission(Perms.SETTINGS)) in src/pyload/core/api/__init__.py gates … New	CWE-295 CWE-306 CWE-863 Improper Certificate Validation Missing Authentication for Critical Function Incorrect Authorization	CVE-2026-42312	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

73	8.0	HIGH Network	-	-	Zen is a firefox-based browser. Prior to 1.19.9b, Zen Browser ships a Mozilla Application Resource (MAR) updater (org.mozilla.updater) that has had all MAR signature verification stripped from the Fi… New	CWE-347 Improper Verification of Cryptographic Signature	CVE-2026-41431	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

74	-		-	-	jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB (via deeply nested generator … New	CWE-190 CWE-787 Integer Overflow or Wraparound Out-of-bounds Write	CVE-2026-41257	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

75	5.5	MEDIUM Local	-	-	jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter fil… New	CWE-158 Improper Neutralization of Null Byte or NUL Character	CVE-2026-41256	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

76	5.7	MEDIUM Network	-	-	Taiga is a project management platform for startups and agile developers. Prior 6.9.1, Taiga front is vulnerable to stored XSS. This vulnerability is fixed in 6.9.1. New	CWE-79 Cross-site Scripting	CVE-2026-41250	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

77	-		-	-	jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure (built programmatically with… New	CWE-674 Uncontrolled Recursion	CVE-2026-40612	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

78	-		-	-	Wellbia's XIGNCODE3 xhunter1.sys kernel driver Privilege Escalation Vulnerability provides access to IRP_MJ_REITS command interface, which allows any user process to request a PROCESS_ALL_ACCESS. Cr… New	-	CVE-2026-3609	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

79	-		-	-	An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections … New	CWE-502 CWE-918 Deserialization of Untrusted Data Server-Side Request Forgery (SSRF)	CVE-2026-3048	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

80	-		-	-	HireFlow v1.2 is vulnerable to Cross Site Scripting (XSS) in candidate_detail.html via the Resume or Feedback Comment fields via POST /candidates/add or POST /feedback/add. New	-	CVE-2026-38569	2026-05-12 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm