Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 7, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
198341 7.8 重要
Local 		Debian
The Perl Foundation
Fedora Project		 - Perl の XSLoader の XSLoader::load メソッドにおける任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2016-6185 2016-11-16 17:19 2016-07-3 Show GitHub Exploit DB Packet Storm
198342 8.8 重要
Network 		GNU Project
Canonical		 - GNU Wget における任意のファイルに書き込まれる脆弱性 CWE-Other
その他 		CVE-2016-4971 2016-11-16 17:19 2016-06-9 Show GitHub Exploit DB Packet Storm
198343 7.5 重要
Network 		Expat
Debian		 - Expat の XML パーサにおけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2016-5300 2016-11-16 17:19 2016-06-7 Show GitHub Exploit DB Packet Storm
198344 9.8 緊急
Network 		ImageMagick - ImageMagick の MagickCore/draw.c の DrawImage 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2016-4564 2016-11-16 17:19 2016-05-6 Show GitHub Exploit DB Packet Storm
198345 8.8 重要
Network 		ImageMagick - ImageMagick の MagickCore/draw.c の TraceStrokePolygon 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2016-4563 2016-11-16 17:19 2016-05-6 Show GitHub Exploit DB Packet Storm
198346 8.8 重要
Network 		ImageMagick - ImageMagick の MagickCore/draw.c の DrawDashPolygon 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2016-4562 2016-11-16 17:19 2016-05-6 Show GitHub Exploit DB Packet Storm
198347 6.8 警告 Debian
openSUSE project
Google		 - Google Chrome の Developer Tools サブシステムにおけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-1627 2016-11-16 16:32 2016-02-9 Show GitHub Exploit DB Packet Storm
198348 6.8 警告 Debian
openSUSE project
Google		 - Google Chrome で使用される Brotli の dec/decode.c の ProcessCommandsInternal 関数における整数アンダーフローの脆弱性 CWE-119
バッファエラー 		CVE-2016-1624 2016-11-16 16:32 2016-02-9 Show GitHub Exploit DB Packet Storm
198349 4.3 警告 Debian
openSUSE project
Google		 - Google Chrome の PDFium で使用される OpenJPEG の pi.c の opj_pi_update_decode_poc 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2016-1626 2016-11-16 16:32 2016-02-9 Show GitHub Exploit DB Packet Storm
198350 5.5 警告
Local 		Linux
オラクル		 - Linux Kernel のファイルシステムレイヤにおけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2016-6198 2016-11-16 16:10 2016-05-18 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
841 6.1 MEDIUM
Local 		- - CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory all… New CWE-190
 Integer Overflow or Wraparound 		CVE-2026-42144 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
842 4.4 MEDIUM
Network 		- - PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows user… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42140 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
843 - - - Dify is an open-source LLM app development platform. Prior to version 1.13.1, using the method POST /api/files/upload, any unauthenticated user can upload an SVG file with XSS. The method POST /v1/fi… New CWE-79
Cross-site Scripting 		CVE-2026-42138 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
844 6.5 MEDIUM
Network 		- - titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscr… New CWE-200
Information Exposure 		CVE-2026-42092 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
845 9.6 CRITICAL
Network 		- - OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0-rc3, the Script Runner widget allows users to execute Py… New CWE-250
 Execution with Unnecessary Privileges 		CVE-2026-42088 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
846 4.6 MEDIUM
Network 		- - OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to version 7.0.0, the Command Sender UI uses an unsafe eval() function on… New CWE-79
Cross-site Scripting 		CVE-2026-42086 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
847 4.3 MEDIUM
Network 		- - OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in… New CWE-23
 Relative Path Traversal 		CVE-2026-42085 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
848 8.1 HIGH
Network 		- - Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary… New CWE-22
Path Traversal 		CVE-2026-42075 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
849 5.3 MEDIUM
Network 		- - Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/… New CWE-285
Improper Authorization 		CVE-2026-41572 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm
850 9.4 CRITICAL
Network 		- - Note Mark is an open-source note-taking application. In version 0.19.2, IsPasswordMatch in backend/db/models.go falls back to a hard-coded bcrypt("null") placeholder whenever a user has no stored pas… New CWE-287
Improper Authentication 		CVE-2026-41571 2026-05-5 03:16 2026-05-5 Show GitHub Exploit DB Packet Storm