Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 15, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
196961 5.3 警告
Network 		シスコシステムズ - Cisco Intrusion Prevention System Device Manager の Web ベースの管理インターフェースにおける重要な情報を表示される脆弱性 CWE-200
情報漏えい 		CVE-2017-3842 2017-03-10 16:02 2017-02-15 Show GitHub Exploit DB Packet Storm
196962 7.5 重要
Network 		シスコシステムズ - Cisco Secure Access Control System の Web インターフェースにおける重要な情報を公開される脆弱性 CWE-200
情報漏えい 		CVE-2017-3841 2017-03-10 16:02 2017-02-15 Show GitHub Exploit DB Packet Storm
196963 6.1 警告
Network 		シスコシステムズ - Cisco Secure Access Control System の Web インターフェースにおけるオープンリダイレクトの脆弱性 CWE-601
オープンリダイレクト 		CVE-2017-3840 2017-03-10 16:02 2017-02-15 Show GitHub Exploit DB Packet Storm
196964 4.3 警告
Network 		シスコシステムズ - Cisco Secure Access Control System の Web ベースのユーザインターフェースにおける XML 外部エンティティの脆弱性 CWE-20
不適切な入力確認 		CVE-2017-3839 2017-03-10 16:02 2017-02-15 Show GitHub Exploit DB Packet Storm
196965 6.1 警告
Network 		シスコシステムズ - Cisco Secure Access Control System における DOM ベースのクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2017-3838 2017-03-10 16:02 2017-02-15 Show GitHub Exploit DB Packet Storm
196966 8.1 重要
Network 		シスコシステムズ - Cisco Meeting Server の Web Bridge インターフェースにおけるメモリの内容を取得される脆弱性 CWE-20
不適切な入力確認 		CVE-2017-3837 2017-03-10 16:02 2017-02-15 Show GitHub Exploit DB Packet Storm
196967 6.1 警告
Network 		シスコシステムズ - Cisco Unified Communications Manager の serviceability ページにおける反射型クロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2017-3821 2017-03-10 16:02 2017-02-15 Show GitHub Exploit DB Packet Storm
196968 5.5 警告
Local 		icoutils project - icoutils の extract.c ソースファイルの simple_vec 関数におけるバッファオーバーフローの脆弱性 CWE-125
境界外読み取り 		CVE-2017-6011 2017-03-10 16:01 2017-02-3 Show GitHub Exploit DB Packet Storm
196969 5.5 警告
Local 		icoutils project - icoutils の extract.c ソースファイルの extract_icons 関数におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2017-6010 2017-03-10 16:01 2017-02-3 Show GitHub Exploit DB Packet Storm
196970 5.5 警告
Local 		icoutils project - icoutils の restable.c ソースファイルの decode_ne_resource_id 関数におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2017-6009 2017-03-10 16:01 2017-02-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 15, 2026, 4:28 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
881 5.4 MEDIUM
Network 		- - The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Grav CMS Form plugin's select field template. Taxono… Update CWE-79
Cross-site Scripting 		CVE-2026-42842 2026-05-14 01:04 2026-05-12 Show GitHub Exploit DB Packet Storm
882 - - - grav-plugin-admin is the admin plugin for Grav is an HTML user interface that provides a convenient way to configure Grav and easily create and modify pages. Prior to 1.10.49.5, the application fails… Update CWE-79
Cross-site Scripting 		CVE-2026-44737 2026-05-14 01:04 2026-05-12 Show GitHub Exploit DB Packet Storm
883 8.8 HIGH
Network 		- - Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct… Update CWE-863
 Incorrect Authorization 		CVE-2026-42843 2026-05-14 01:04 2026-05-12 Show GitHub Exploit DB Packet Storm
884 - - - pupnp is an SDK for development of UPnP device and control point applications. Prior to version 1.18.5, pupnp is vulnerable to SRRF port confusion due to port truncation via atoi() cast in parse_uri(… Update CWE-195
CWE-918
 Signed to Unsigned Conversion Error
Server-Side Request Forgery (SSRF)  		CVE-2026-41682 2026-05-14 01:01 2026-05-9 Show GitHub Exploit DB Packet Storm
885 10.0 CRITICAL
Network 		- - openvpn-auth-oauth2 is a plugin/management interface client for OpenVPN server to handle an OIDC based single sign-on (SSO) auth flows. From version 1.26.3 to before version 1.27.3, when openvpn-auth… Update CWE-287
Improper Authentication 		CVE-2026-41070 2026-05-14 01:00 2026-05-9 Show GitHub Exploit DB Packet Storm
886 9.1 CRITICAL
Network 		- - Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulne… Update CWE-290
 Authentication Bypass by Spoofing 		CVE-2026-42354 2026-05-14 00:59 2026-05-9 Show GitHub Exploit DB Packet Storm
887 10.0 CRITICAL
Network 		- - Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml) allows a… Update CWE-94
Code Injection 		CVE-2026-42298 2026-05-14 00:58 2026-05-9 Show GitHub Exploit DB Packet Storm
888 6.5 MEDIUM
Network 		- - Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU (Time-of-Check-Time-of-Use) vulner… Update CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42346 2026-05-14 00:58 2026-05-9 Show GitHub Exploit DB Packet Storm
889 8.9 HIGH
Network 		- - Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their ow… Update CWE-79
Cross-site Scripting 		CVE-2026-42556 2026-05-14 00:58 2026-05-9 Show GitHub Exploit DB Packet Storm
890 - - - Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled Gra… Update CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2026-42793 2026-05-14 00:57 2026-05-9 Show GitHub Exploit DB Packet Storm