Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 29, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
201191 7.2 危険 Google
Linux
ヒューレット・パッカード・エンタープライズ		 - Linux Kernel の security/keys/process_keys.c の join_session_keyring 関数における権限を取得される脆弱性 CWE-Other
その他 		CVE-2016-0728 2016-11-21 16:18 2016-01-31 Show GitHub Exploit DB Packet Storm
201192 9.3 危険 レッドハット
日立
オラクル		 - Oracle Java SE における Hotspot に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-0636 2016-11-21 15:32 2016-03-23 Show GitHub Exploit DB Packet Storm
201193 5.9 警告
Network 		OpenSSL Project
日立		 - OpenSSL の SSLv2 の実装の s2_srvr.c のオラクル保護メカニズムにおける TLS 暗号文データを解読される脆弱性 CWE-200
情報漏えい 		CVE-2016-0704 2016-11-21 15:32 2016-03-1 Show GitHub Exploit DB Packet Storm
201194 9.8 緊急
Network 		Google
OpenSSL Project
オラクル		 - OpenSSL の crypto/dsa/dsa_ameth.c の dsa_priv_decode 関数におけるメモリ二重解放の脆弱性 CWE-Other
その他 		CVE-2016-0705 2016-11-21 15:32 2016-03-1 Show GitHub Exploit DB Packet Storm
201195 5.1 警告
Local 		OpenSSL Project
日立
オラクル		 - OpenSSL の crypto/bn/bn_exp.c の MOD_EXP_CTIME_COPY_FROM_PREBUF 関数における RSA の鍵を取得される脆弱性 CWE-200
情報漏えい 		CVE-2016-0702 2016-11-21 15:32 2016-03-1 Show GitHub Exploit DB Packet Storm
201196 4 警告 ヒューレット・パッカード
Debian
Canonical
Apache Software Foundation		 - Apache Tomcat における SecurityManager の制限を回避される脆弱性 CWE-200
情報漏えい 		CVE-2016-0706 2016-11-21 15:32 2016-01-5 Show GitHub Exploit DB Packet Storm
201197 10 危険 日立
Canonical
オラクル		 - Oracle Java SE および Java SE Embedded における 2D に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-0494 2016-11-21 15:32 2016-01-19 Show GitHub Exploit DB Packet Storm
201198 10 危険 日立
Canonical
オラクル		 - 複数の Oracle Java 製品における AWT に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-0483 2016-11-21 15:32 2016-01-19 Show GitHub Exploit DB Packet Storm
201199 5.8 警告 日立
オラクル		 - 複数の Oracle Java 製品における Libraries に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-0475 2016-11-21 15:32 2016-01-19 Show GitHub Exploit DB Packet Storm
201200 5 警告 日立
Canonical
オラクル		 - 複数の Oracle Java 製品 における JAXP に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-0466 2016-11-21 15:31 2016-01-19 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 29, 2026, 4:16 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2171 6.8 MEDIUM
Network 		- - Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, al… CWE-22
CWE-73
Path Traversal
 External Control of File Name or Path 		CVE-2026-35593 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
2172 6.8 MEDIUM
Network 		- - EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later… CWE-79
Cross-site Scripting 		CVE-2026-33741 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
2173 6.5 MEDIUM
Network 		- - libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to … CWE-200
CWE-908
Information Exposure
 Use of Uninitialized Resource 		CVE-2026-32814 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
2174 9.1 CRITICAL
Network 		- - API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records (including bcrypt p… CWE-306
Missing Authentication for Critical Function 		CVE-2026-31071 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
2175 9.8 CRITICAL
Network 		- - The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/… CWE-269
 Improper Privilege Management 		CVE-2026-31070 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
2176 8.8 HIGH
Network 		- - BillaBear (all versions prior to Jan 2026) contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpo… CWE-89
SQL Injection 		CVE-2026-31069 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
2177 9.8 CRITICAL
Network 		- - scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-30118 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
2178 9.8 CRITICAL
Network 		- - scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execut… CWE-94
Code Injection 		CVE-2026-30117 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
2179 4.6 MEDIUM
Physics 		- - Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. A… CWE-1284
 Improper Validation of Specified Quantity in Input 		CVE-2025-15645 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
2180 6.5 MEDIUM
Network 		- - Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting inc… CWE-704
 Incorrect Type Conversion or Cast 		CVE-2023-7345 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm