Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 23, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
193791	7.8	重要 Local	Google	-	Android の WCDMA におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2014-9929	2017-06-29 16:56	2017-05-1	Show	GitHub Exploit DB Packet Storm

193792	7.8	重要 Local	Google	-	Android の GERAN におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2014-9928	2017-06-29 16:56	2017-05-1	Show	GitHub Exploit DB Packet Storm

193793	7.8	重要 Local	Google	-	Android の UIM におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2014-9927	2017-06-29 16:55	2017-05-1	Show	GitHub Exploit DB Packet Storm

193794	7.8	重要 Local	Google	-	Android の GNSS における解放済みメモリの使用に関する脆弱性	CWE-416 解放済みメモリの使用	CVE-2014-9926	2017-06-29 16:55	2017-05-1	Show	GitHub Exploit DB Packet Storm

193795	7.8	重要 Local	Google	-	Android の HDR におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2014-9925	2017-06-29 16:55	2017-05-1	Show	GitHub Exploit DB Packet Storm

193796	7.8	重要 Local	Google	-	Android における数値処理に関する脆弱性	CWE-189 数値処理の問題	CVE-2014-9924	2017-06-29 16:55	2017-05-1	Show	GitHub Exploit DB Packet Storm

193797	7.8	重要 Local	Google	-	Android の NAS におけるバッファエラーの脆弱性	CWE-119 バッファエラー	CVE-2014-9923	2017-06-29 16:55	2017-05-1	Show	GitHub Exploit DB Packet Storm

193798	6.4	警告 Local	Todd C. Miller	-	Todd Miller の Sudo の get_process_ttyname() 関数における情報を公開される脆弱性	CWE-20 不適切な入力確認	CVE-2017-1000367	2017-06-29 16:41	2017-05-30	Show	GitHub Exploit DB Packet Storm

193799	6.5	警告 Network	ImageMagick	-	ImageMagick の coders/psd.c の ReadPSDChannel 関数におけるメモリリークの脆弱性	CWE-119 バッファエラー	CVE-2017-9440	2017-06-29 16:35	2017-05-7	Show	GitHub Exploit DB Packet Storm

193800	6.5	警告 Network	ImageMagick	-	ImageMagick の coders/pdb.c の ReadPDBImage 関数におけるメモリリークの脆弱性	CWE-119 バッファエラー	CVE-2017-9439	2017-06-29 16:35	2017-05-7	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 23, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2021	-		-	-	DevGuard provides vulnerability management for the full software supply chain. Prior to 1.2.2, the SessionMiddleware accepts a client-supplied X-Admin-Token HTTP request header and uses its raw strin…	CWE-288 Authentication Bypass Using an Alternate Path or Channel	CVE-2026-42300	2026-05-14 03:24	2026-05-13	Show	GitHub Exploit DB Packet Storm

2022	-		-	-	Fides is an open-source privacy engineering platform. From 2.75.0 to before 2.83.2, Fides deployments that enable both subject identity verification and duplicate privacy request detection are affect…	CWE-288 CWE-306 CWE-841 Authentication Bypass Using an Alternate Path or Channel Missing Authentication for Critical Function Improper Enforcement of Behavioral Workflow	CVE-2026-42303	2026-05-14 03:24	2026-05-13	Show	GitHub Exploit DB Packet Storm

2023	4.3	MEDIUM Network	-	-	Kubewarden is a policy engine for Kubernetes. Prior to , An attacker with privileged AdmissionPolicy or AdmissionPolicyGroup create permissions (which isn't the default) can craft a policy that makes…	CWE-862 Missing Authorization	CVE-2026-42541	2026-05-14 03:24	2026-05-13	Show	GitHub Exploit DB Packet Storm

2024	8.8	HIGH Network	-	-	AntSword is a cross-platform website management toolkit. Prior to 2.1.16, incomplete noxss() sanitization leads to 1-click RCE via jquery.terminal format code injection. This vulnerability is fixed i…	CWE-79 CWE-94 CWE-1188 Cross-site Scripting Code Injection Insecure Default Initialization of Resource	CVE-2026-43892	2026-05-14 03:24	2026-05-13	Show	GitHub Exploit DB Packet Storm

2025	7.5	HIGH Network	-	-	phpseclib is a PHP secure communications library. Prior to 1.0.29, 2.0.54, and 3.0.52, anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). This is a by…	CWE-400 Uncontrolled Resource Consumption	CVE-2026-44167	2026-05-14 03:24	2026-05-13	Show	GitHub Exploit DB Packet Storm

2026	8.2	HIGH Network	-	-	ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address …	CWE-184 CWE-918 Incomplete Blacklist Server-Side Request Forgery (SSRF)	CVE-2026-43929	2026-05-14 03:24	2026-05-13	Show	GitHub Exploit DB Packet Storm

2027	3.8	LOW Network	hono	hono	Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows to…	CWE-1284 Improper Validation of Specified Quantity in Input	CVE-2026-44459	2026-05-14 03:21	2026-05-14	Show	GitHub Exploit DB Packet Storm

2028	9.1	CRITICAL Network	-	-	Pingvin Share X is a secure and easy self-hosted file sharing platform. From 1.14.1 to 1.16.2, a critical authentication bypass vulnerability allows an attacker who has obtained a valid username and …	CWE-287 CWE-697 Improper Authentication Incorrect Comparison	CVE-2026-44196	2026-05-14 03:21	2026-05-13	Show	GitHub Exploit DB Packet Storm

2029	9.1	CRITICAL Network	-	-	Relay adds real-time collaboration to Obsidian. Relay Server versions 0.9.0 through 0.9.6 contain an authentication bypass in the multi-document WebSocket endpoints. When authentication is configured…	CWE-639 CWE-863 Authorization Bypass Through User-Controlled Key Incorrect Authorization	CVE-2026-42889	2026-05-14 03:21	2026-05-13	Show	GitHub Exploit DB Packet Storm

2030	-		-	-	sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id …	CWE-93 CRLF Injection	CVE-2026-44217	2026-05-14 03:21	2026-05-13	Show	GitHub Exploit DB Packet Storm