Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 27, 2026, noon

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
196531	5.3	警告 Network	ownCloud Nextcloud	-	Nextcloud サーバおよび ownCloud サーバにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2016-9468	2017-04-26 18:48	2016-11-10	Show	GitHub Exploit DB Packet Storm

196532	6.1	警告 Network	ownCloud Nextcloud	-	Nextcloud サーバおよび ownCloud サーバにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-9466	2017-04-26 18:48	2016-11-10	Show	GitHub Exploit DB Packet Storm

196533	5.4	警告 Network	ownCloud Nextcloud	-	Nextcloud サーバおよび ownCloud サーバにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-9465	2017-04-26 18:48	2016-11-10	Show	GitHub Exploit DB Packet Storm

196534	4.3	警告 Network	Nextcloud	-	Nextcloud サーバにおける認可に関する脆弱性	CWE-285 不適切な認可	CVE-2016-9464	2017-04-26 18:48	2016-10-10	Show	GitHub Exploit DB Packet Storm

196535	8.1	重要 Network	ownCloud Nextcloud	-	Nextcloud サーバおよび ownCloud サーバにおける認証に関する脆弱性	CWE-287 不適切な認証	CVE-2016-9463	2017-04-26 18:48	2016-11-10	Show	GitHub Exploit DB Packet Storm

196536	4.3	警告 Network	ownCloud Nextcloud	-	Nextcloud サーバおよび ownCloud サーバにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2016-9462	2017-04-26 18:48	2016-07-19	Show	GitHub Exploit DB Packet Storm

196537	4.3	警告 Network	ownCloud Nextcloud	-	Nextcloud サーバおよび ownCloud サーバにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2016-9461	2017-04-26 18:48	2016-07-19	Show	GitHub Exploit DB Packet Storm

196538	5.3	警告 Network	ownCloud Nextcloud	-	Nextcloud サーバおよび ownCloud サーバにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2016-9460	2017-04-26 18:48	2016-07-19	Show	GitHub Exploit DB Packet Storm

196539	6.1	警告 Network	ownCloud Nextcloud	-	Nextcloud サーバおよび ownCloud サーバにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-9459	2017-04-26 18:48	2016-07-19	Show	GitHub Exploit DB Packet Storm

196540	8.6	重要 Network	シスコシステムズ	-	Cisco IOS および Cisco IOS XE の DHCP クライアントの実装におけるリソース管理に関する脆弱性	CWE-399 リソース管理の問題	CVE-2017-3864	2017-04-26 18:28	2017-03-22	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 27, 2026, 4:52 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2191	8.8	HIGH Network	arubanetworks	arubaos sd-wan	Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo…	CWE-77 Command Injection	CVE-2026-44868	2026-05-15 03:17	2026-05-13	Show	GitHub Exploit DB Packet Storm

2192	8.1	HIGH Network	-	-	azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access toke…	CWE-208 CWE-287 CWE-290 CWE-294 CWE-347 Information Exposure Through Timing Discrepancy Improper Authentication Authentication Bypass by Spoofing Authentication Bypass by Capture-replay Improper Verification of Cryptographic Signature	CVE-2026-42602	2026-05-15 03:17	2026-05-14	Show	GitHub Exploit DB Packet Storm

2193	-		-	-	The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix he…	CWE-22 CWE-601 Path Traversal Open Redirect	CVE-2026-44437	2026-05-15 03:17	2026-05-14	Show	GitHub Exploit DB Packet Storm

2194	-		-	-	PlaywrightCapture is a simple replacement for splash using playwright. Prior to 1.39.6, PlaywrightCapture did not sufficiently restrict navigations and resource requests initiated by rendered pages. …	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-44439	2026-05-15 03:17	2026-05-14	Show	GitHub Exploit DB Packet Storm

2195	4.3	MEDIUM Network	-	-	Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permissi…	CWE-863 Incorrect Authorization	CVE-2026-44374	2026-05-15 03:17	2026-05-15	Show	GitHub Exploit DB Packet Storm

2196	9.8	CRITICAL Network	-	-	Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated o…	CWE-78 OS Command	CVE-2026-8500	2026-05-15 03:16	2026-05-14	Show	GitHub Exploit DB Packet Storm

2197	-		-	-	CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.	CWE-331 Insufficient Entropy	CVE-2026-4827	2026-05-15 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

2198	7.7	HIGH Network	getgrav	grav	Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire mer…	CWE-200 NVD-CWE-noinfo Information Exposure	CVE-2026-44738	2026-05-15 03:16	2026-05-12	Show	GitHub Exploit DB Packet Storm

2199	2.5	LOW Local	-	-	PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFin…	CWE-415 Double Free	CVE-2026-44348	2026-05-15 03:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

2200	-		-	-	STIGQter is an open-source reimplementation of DISA's STIG Viewer. From 0.1.2 to before 1.2.7, an attacker can achieve local code execution (LCE) with the privileges of the user running STIGQter. Thi…	CWE-22 CWE-73 Path Traversal External Control of File Name or Path	CVE-2026-42881	2026-05-15 03:16	2026-05-15	Show	GitHub Exploit DB Packet Storm