Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 28, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
197081 8.8 重要
Network 		meteocontrol - 複数の Meteocontrol WEB'log 製品におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2016-4504 2017-04-20 15:31 2016-05-12 Show GitHub Exploit DB Packet Storm
197082 9.8 緊急
Network 		OpenStack - OpenStack Nova におけるログファイルからの情報漏えいに関する脆弱性 CWE-532
ログファイルからの情報漏えい 		CVE-2017-7214 2017-04-20 15:30 2017-03-21 Show GitHub Exploit DB Packet Storm
197083 8.8 重要
Network 		cloudflare-scrape project - cloudflare-scrape におけるセキュリティ機能に関する脆弱性 CWE-254
セキュリティ機能 		CVE-2017-7235 2017-04-20 15:22 2017-03-23 Show GitHub Exploit DB Packet Storm
197084 6.1 警告
Network 		Novell - Novell GroupWise におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-9169 2017-04-20 15:21 2016-12-7 Show GitHub Exploit DB Packet Storm
197085 5.5 警告
Local 		ImageMagick - ImageMagick におけるサービス運用妨害 (DoS) の脆弱性 CWE-189
数値処理の問題 		CVE-2014-9915 2017-04-20 13:29 2014-10-29 Show GitHub Exploit DB Packet Storm
197086 5.5 警告
Local 		ImageMagick - ImageMagick におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2014-9840 2017-04-20 13:29 2014-12-24 Show GitHub Exploit DB Packet Storm
197087 7.5 重要
Network 		ImageMagick - ImageMagick の magick/colormap-private.h におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2014-9839 2017-04-20 13:29 2014-12-24 Show GitHub Exploit DB Packet Storm
197088 5.5 警告
Local 		ImageMagick - ImageMagick の magick/cache.c におけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2014-9838 2017-04-20 13:29 2014-12-24 Show GitHub Exploit DB Packet Storm
197089 5.5 警告
Local 		ImageMagick - ImageMagick におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2014-9836 2017-04-20 13:29 2014-12-24 Show GitHub Exploit DB Packet Storm
197090 7.8 重要
Local 		ImageMagick - ImageMagick におけるヒープオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2014-9835 2017-04-20 11:59 2014-12-24 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 28, 2026, 4:16 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1821 6.8 MEDIUM
Network 		- - Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, al… CWE-22
CWE-73
Path Traversal
 External Control of File Name or Path 		CVE-2026-35593 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1822 6.8 MEDIUM
Network 		- - EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later… CWE-79
Cross-site Scripting 		CVE-2026-33741 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1823 6.5 MEDIUM
Network 		- - libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to … CWE-200
CWE-908
Information Exposure
 Use of Uninitialized Resource 		CVE-2026-32814 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1824 9.1 CRITICAL
Network 		- - API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records (including bcrypt p… CWE-306
Missing Authentication for Critical Function 		CVE-2026-31071 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1825 9.8 CRITICAL
Network 		- - The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/… CWE-269
 Improper Privilege Management 		CVE-2026-31070 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1826 8.8 HIGH
Network 		- - BillaBear (all versions prior to Jan 2026) contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpo… CWE-89
SQL Injection 		CVE-2026-31069 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1827 9.8 CRITICAL
Network 		- - scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-30118 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1828 9.8 CRITICAL
Network 		- - scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execut… CWE-94
Code Injection 		CVE-2026-30117 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1829 4.6 MEDIUM
Physics 		- - Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. A… CWE-1284
 Improper Validation of Specified Quantity in Input 		CVE-2025-15645 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1830 6.5 MEDIUM
Network 		- - Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting inc… CWE-704
 Incorrect Type Conversion or Cast 		CVE-2023-7345 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm