Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 12, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
197361 9.1 緊急
Network 		LibTIFF - libtiff の tif_read.c の TIFFReadRawStrip1 および TIFFReadRawTile1 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-189
数値処理の問題 		CVE-2016-6223 2017-02-7 10:21 2016-07-13 Show GitHub Exploit DB Packet Storm
197362 7.5 重要
Network 		AppNeta - tcpreplay の tcprewrite におけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2016-6160 2017-02-7 10:05 2016-07-7 Show GitHub Exploit DB Packet Storm
197363 7.5 重要
Network 		Cake Software Foundation - CakePHP の clientIp 関数における IP を偽装される脆弱性 CWE-20
不適切な入力確認 		CVE-2016-4793 2017-02-7 09:58 2016-03-13 Show GitHub Exploit DB Packet Storm
197364 6.1 警告
Network 		TYPO3 Association - TYPO3 のバックエンドコンポーネントにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-4056 2017-02-7 09:48 2016-02-23 Show GitHub Exploit DB Packet Storm
197365 9.8 緊急
Network 		LANDesk - Landesk Management Suite の collector.exe のリスナーにおけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2016-3147 2017-02-6 17:45 2016-10-14 Show GitHub Exploit DB Packet Storm
197366 9.8 緊急
Network 		Exponent CMS project - Exponent CMS における任意のコードを実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2016-2242 2017-02-6 17:43 2016-01-23 Show GitHub Exploit DB Packet Storm
197367 9.8 緊急
Network 		LHa for UNIX project - LHA の header.c における整数アンダーフローの脆弱性 CWE-191
整数アンダーフロー 		CVE-2016-1925 2017-02-6 17:41 2016-01-16 Show GitHub Exploit DB Packet Storm
197368 7.5 重要
Network 		OneLogin, Inc. - Ruby-saml における XML 署名ラッピング攻撃を実行される脆弱性 CWE-91
ブラインド XPath インジェクション 		CVE-2016-5697 2017-02-6 17:41 2016-06-24 Show GitHub Exploit DB Packet Storm
197369 8.8 重要
Network 		Snort.org - Snort における任意のコードを実行される脆弱性 CWE-426
信頼性のない検索パス 		CVE-2016-1417 2017-02-6 17:40 2016-09-29 Show GitHub Exploit DB Packet Storm
197370 8.8 重要
Network 		elfden - WordPress 用 eShop プラグインの eshop-orders.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2016-0769 2017-02-6 17:34 2016-02-2 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 13, 2026, 5:05 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
341 4.4 MEDIUM
Local 		vmware spring_cloud_config When enabling trace logging in Spring Cloud Config Server sensitive information was placed in plain text in the logs. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrad… Update CWE-532
 Inclusion of Sensitive Information in Log Files 		CVE-2026-41004 2026-05-13 01:52 2026-05-7 Show GitHub Exploit DB Packet Storm
342 8.8 HIGH
Network 		nocobase nocobase NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package co… Update CWE-89
SQL Injection 		CVE-2026-41640 2026-05-13 01:51 2026-05-7 Show GitHub Exploit DB Packet Storm
343 4.6 MEDIUM
Network 		- - Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean_thread_html_body() used for discussion notification emails fails to remove <style> tags … New CWE-79
Cross-site Scripting 		CVE-2026-42857 2026-05-13 01:50 2026-05-12 Show GitHub Exploit DB Packet Storm
344 8.5 HIGH
Network 		- - The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML metadata from a… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42860 2026-05-13 01:50 2026-05-12 Show GitHub Exploit DB Packet Storm
345 5.3 MEDIUM
Network 		- - Plack::Middleware::Statsd versions before 0.9.0 for Perl may leak user IP addresses. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host o… New CWE-319
Cleartext Transmission of Sensitive Information 		CVE-2026-45179 2026-05-13 01:48 2026-05-11 Show GitHub Exploit DB Packet Storm
346 7.5 HIGH
Network 		- - Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on ano… New CWE-319
Cleartext Transmission of Sensitive Information 		CVE-2026-45180 2026-05-13 01:48 2026-05-11 Show GitHub Exploit DB Packet Storm
347 6.5 MEDIUM
Network 		- - Net::CIDR::Lite versions before 0.24 for Perl does not properly validate IP address and CIDR mask inputs, which may allow IP ACL bypass. Inputs containing a trailing newline or non-ASCII digit chara… New CWE-1289
 Improper Validation of Unsafe Equivalence in Input 		CVE-2026-45190 2026-05-13 01:48 2026-05-11 Show GitHub Exploit DB Packet Storm
348 6.5 MEDIUM
Network 		- - Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validatio… New CWE-1289
 Improper Validation of Unsafe Equivalence in Input 		CVE-2026-45191 2026-05-13 01:48 2026-05-11 Show GitHub Exploit DB Packet Storm
349 7.5 HIGH
Network 		- - XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UT… New CWE-125
Out-of-bounds Read 		CVE-2026-8177 2026-05-13 01:48 2026-05-11 Show GitHub Exploit DB Packet Storm
350 6.5 MEDIUM
Network 		- - WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand() function… New CWE-338
CWE-340
 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
 Generation of Predictable Numbers or Identifiers 		CVE-2026-5084 2026-05-13 01:48 2026-05-11 Show GitHub Exploit DB Packet Storm