Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 7, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
194811 7.8 重要
Local 		マイクロソフト - 複数の Microsoft Windows 製品の Helppane.exe の DCOM オブジェクトにおける権限昇格の脆弱性 CWE-287
不適切な認証 		CVE-2017-0100 2017-03-22 14:20 2017-03-14 Show GitHub Exploit DB Packet Storm
194812 4.3 警告
Network 		マイクロソフト - 複数の Microsoft Windows 製品の DNS クライアントにおける重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2017-0057 2017-03-22 14:20 2017-03-14 Show GitHub Exploit DB Packet Storm
194813 7.8 重要
Local 		マイクロソフト - Microsoft Windows Vista および Windows Server 2008 における権限昇格の脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2017-0039 2017-03-22 14:20 2017-03-14 Show GitHub Exploit DB Packet Storm
194814 5.5 警告
Local 		マイクロソフト - Microsoft Windows 10 および Windows Server 2016 の Device Guard における PowerShell スクリプトを変更される脆弱性 CWE-20
不適切な入力確認 		CVE-2017-0007 2017-03-22 14:20 2017-03-14 Show GitHub Exploit DB Packet Storm
194815 7 重要
Local 		マイクロソフト - 複数の Microsoft Windows 製品のカーネル API における権限昇格の脆弱性 CWE-119
バッファエラー 		CVE-2017-0103 2017-03-22 14:15 2017-03-14 Show GitHub Exploit DB Packet Storm
194816 7.8 重要
Local 		マイクロソフト - 複数の Microsoft Windows 製品における権限昇格の脆弱性 CWE-119
バッファエラー 		CVE-2017-0102 2017-03-22 14:15 2017-03-14 Show GitHub Exploit DB Packet Storm
194817 7.8 重要
Local 		マイクロソフト - 複数の Microsoft Windows 製品のトランザクション マネージャのカーネルモードドライバにおける権限昇格の脆弱性 CWE-119
バッファエラー 		CVE-2017-0101 2017-03-22 14:15 2017-03-14 Show GitHub Exploit DB Packet Storm
194818 5.4 警告
Adjacent 		マイクロソフト - 複数の Microsoft Windows 製品の Hyper-V におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2017-0097 2017-03-22 13:45 2017-03-14 Show GitHub Exploit DB Packet Storm
194819 5.4 警告
Adjacent 		マイクロソフト - 複数の Microsoft Windows 製品の Hyper-V におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2017-0076 2017-03-22 13:45 2017-03-14 Show GitHub Exploit DB Packet Storm
194820 5.4 警告
Adjacent 		マイクロソフト - 複数の Microsoft Windows 製品の Hyper-V におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2017-0074 2017-03-22 13:45 2017-03-14 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
841 6.1 MEDIUM
Local 		- - CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory all… New CWE-190
 Integer Overflow or Wraparound 		CVE-2026-42144 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
842 4.4 MEDIUM
Network 		- - PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows user… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42140 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
843 - - - Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/fi… New CWE-79
Cross-site Scripting 		CVE-2026-42138 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
844 6.5 MEDIUM
Network 		- - titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscr… New CWE-200
Information Exposure 		CVE-2026-42092 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
845 9.6 CRITICAL
Network 		- - OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Py… New CWE-250
 Execution with Unnecessary Privileges 		CVE-2026-42088 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
846 4.6 MEDIUM
Network 		- - OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval() function on… New CWE-79
Cross-site Scripting 		CVE-2026-42086 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
847 4.3 MEDIUM
Network 		- - OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in… New CWE-23
 Relative Path Traversal 		CVE-2026-42085 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
848 8.1 HIGH
Network 		- - Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary… New CWE-22
Path Traversal 		CVE-2026-42075 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
849 5.3 MEDIUM
Network 		- - Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/… New CWE-285
Improper Authorization 		CVE-2026-41572 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
850 9.4 CRITICAL
Network 		- - Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt("null") placeholder whenever a user has no stored pas… New CWE-287
Improper Authentication 		CVE-2026-41571 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm