Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 28, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
201791	6.5	警告 Network	オラクル	-	Oracle MySQL の MySQL Server における Server: Optimizer に関する脆弱性	CWE-noinfo 情報不足	CVE-2016-3492	2016-10-26 12:25	2016-10-18	Show	GitHub Exploit DB Packet Storm

201792	7.7	重要 Network	オラクル	-	Oracle Fusion Middleware の BI Publisher における Security に関する脆弱性	CWE-200 情報漏えい	CVE-2016-3473	2016-10-26 12:24	2016-10-18	Show	GitHub Exploit DB Packet Storm

201793	4.3	警告 Network	IBM	-	IBM WebSphere Application Server の管理コンソールにおける重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2016-0377	2016-10-25 18:01	2016-08-16	Show	GitHub Exploit DB Packet Storm

201794	7.8	重要 Local	IBM	-	IBM Security Guardium Database Activity Monitor におけるコマンド実行の管理者権限を取得される脆弱性	CWE-Other その他	CVE-2016-0328	2016-10-25 18:01	2016-10-3	Show	GitHub Exploit DB Packet Storm

201795	8.8	重要 Network	IBM	-	IBM Rational Quality Manager および Rational Collaborative Lifecycle Management における任意の OS コマンドを実行される脆弱性	CWE-Other その他	CVE-2016-0326	2016-10-25 18:01	2016-09-9	Show	GitHub Exploit DB Packet Storm

201796	7.8	重要 Local	IBM	-	IBM Security Guardium における重要な平文情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2016-0247	2016-10-25 18:01	2016-10-3	Show	GitHub Exploit DB Packet Storm

201797	6.1	警告 Network	IBM	-	IBM Security Guardium におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-0246	2016-10-25 18:01	2016-10-3	Show	GitHub Exploit DB Packet Storm

201798	4.3	警告 Network	IBM	-	IBM Security Guardium における重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2016-0242	2016-10-25 18:01	2016-10-3	Show	GitHub Exploit DB Packet Storm

201799	8.8	重要 Network	IBM	-	IBM Security Guardium Database Activity Monitor における管理者アカウントになりすまされる脆弱性	CWE-Other その他	CVE-2016-0241	2016-10-25 18:01	2016-10-3	Show	GitHub Exploit DB Packet Storm

201800	3.7	低 Network	IBM	-	IBM Security Guardium Database Activity Monitor における重要な情報を取得される脆弱性	CWE-Other その他	CVE-2016-0240	2016-10-25 18:01	2016-10-3	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 29, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2461	-		-	-	Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL qu…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-42097	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

2462	-		-	-	Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior (e…	CWE-603 Use of Client-Side Authentication	CVE-2026-42098	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

2463	-		-	-	Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves…	CWE-362 Race Condition	CVE-2026-42099	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

2464	-		-	-	Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially crafted SQL query. This causes the Pro Clou…	CWE-228 Improper Handling of Syntactically Invalid Structure	CVE-2026-42100	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

2465	3.9	LOW Local	-	-	FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. The app…	CWE-79 Cross-site Scripting	CVE-2026-27964	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

2466	6.5	MEDIUM Network	-	-	FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC meta…	CWE-200 CWE-212 Information Exposure Improper Removal of Sensitive Information Before Storage or Transfer	CVE-2026-27892	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

2467	5.3	MEDIUM Network	-	-	Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unpriv…	CWE-200 CWE-524 CWE-672 Information Exposure Use of Cache Containing Sensitive Information Operation on a Resource after Expiration or Release	CVE-2026-32244	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

2468	-		-	-	Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature…	CWE-862 Missing Authorization	CVE-2026-33514	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

2469	10.0	CRITICAL Network	-	-	HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated rem…	CWE-502 Deserialization of Untrusted Data	CVE-2026-43633	2026-05-19 23:43	2026-05-19	Show	GitHub Exploit DB Packet Storm

2470	6.5	MEDIUM Network	vercel	turborepo	Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the l…	CWE-352 CWE-384 Origin Validation Error Session Fixation	CVE-2026-45773	2026-05-19 23:41	2026-05-16	Show	GitHub Exploit DB Packet Storm