Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
196321	6.7	警告 Local	シスコシステムズ	-	Cisco Unified Computing System Manager および Firepower 製品のデバッグプラグイン機能における認可・権限・アクセス制御に関する脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2017-6598	2017-05-12 15:57	2017-04-5	Show	GitHub Exploit DB Packet Storm

196322	7.8	重要 Local	シスコシステムズ	-	Cisco Unified Computing System Manager および Firepower 製品の local-mgmt CLI コマンドにおける OS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2017-6597	2017-05-12 15:57	2017-04-5	Show	GitHub Exploit DB Packet Storm

196323	5.3	警告 Network	シスコシステムズ	-	Cisco IOS XR の Google 定義のリモートプロシージャコール処理におけるリソース管理に関する脆弱性	CWE-399 リソース管理の問題	CVE-2017-6599	2017-05-12 15:52	2017-04-5	Show	GitHub Exploit DB Packet Storm

196324	6.5	警告 Adjacent	シスコシステムズ	-	Cisco ASR シリーズのデバイスにおけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2017-6603	2017-05-12 15:47	2017-04-5	Show	GitHub Exploit DB Packet Storm

196325	6.5	警告 Network	シスコシステムズ	-	Cisco Prime Infrastructure および Evolved Programmable Network Manager における情報漏えいに関する脆弱性	CWE-200 情報漏えい	CVE-2017-3884	2017-05-12 15:44	2017-04-5	Show	GitHub Exploit DB Packet Storm

196326	6.7	警告 Local	シスコシステムズ	-	Cisco Mobility Express 2800 および 3800 シリーズ Wireless LAN Controller における認可・権限・アクセス制御に関する脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2016-9197	2017-05-12 15:44	2016-11-6	Show	GitHub Exploit DB Packet Storm

196327	6.7	警告 Local	シスコシステムズ	-	複数の Cisco Aironet プラットフォームにおける認可・権限・アクセス制御に関する脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2016-9196	2017-05-12 15:44	2016-11-6	Show	GitHub Exploit DB Packet Storm

196328	5.3	警告 Network	シスコシステムズ	-	Cisco Wireless LAN Controller のソフトウェアの RADIUS Change of Authorization におけるリソース管理に関する脆弱性	CWE-399 リソース管理の問題	CVE-2016-9195	2017-05-12 15:44	2016-11-6	Show	GitHub Exploit DB Packet Storm

196329	6.1	警告 Network	シスコシステムズ	-	Cisco Integrated Management Controller ソフトウェアにおけるリダイレクトされる脆弱性	CWE-601 オープンリダイレクト	CVE-2017-6604	2017-05-12 15:20	2017-04-5	Show	GitHub Exploit DB Packet Storm

196330	6.4	警告 Physics	シスコシステムズ	-	Cisco IOS XE ソフトウェアのスタートアップスクリプトにおける任意のコマンドを実行される脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2017-6606	2017-05-12 15:10	2017-04-5	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 29, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2461	-		-	-	Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL qu…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-42097	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

2462	-		-	-	Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior (e…	CWE-603 Use of Client-Side Authentication	CVE-2026-42098	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

2463	-		-	-	Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves…	CWE-362 Race Condition	CVE-2026-42099	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

2464	-		-	-	Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially crafted SQL query. This causes the Pro Clou…	CWE-228 Improper Handling of Syntactically Invalid Structure	CVE-2026-42100	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

2465	3.9	LOW Local	-	-	FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. The app…	CWE-79 Cross-site Scripting	CVE-2026-27964	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

2466	6.5	MEDIUM Network	-	-	FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC meta…	CWE-200 CWE-212 Information Exposure Improper Removal of Sensitive Information Before Storage or Transfer	CVE-2026-27892	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

2467	5.3	MEDIUM Network	-	-	Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unpriv…	CWE-200 CWE-524 CWE-672 Information Exposure Use of Cache Containing Sensitive Information Operation on a Resource after Expiration or Release	CVE-2026-32244	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

2468	-		-	-	Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature…	CWE-862 Missing Authorization	CVE-2026-33514	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

2469	10.0	CRITICAL Network	-	-	HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated rem…	CWE-502 Deserialization of Untrusted Data	CVE-2026-43633	2026-05-19 23:43	2026-05-19	Show	GitHub Exploit DB Packet Storm

2470	6.5	MEDIUM Network	vercel	turborepo	Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the l…	CWE-352 CWE-384 Origin Validation Error Session Fixation	CVE-2026-45773	2026-05-19 23:41	2026-05-16	Show	GitHub Exploit DB Packet Storm