Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 20, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
201841 7.8 重要
Local 		マイクロソフト - 複数の Microsoft 製品における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2016-3357 2016-09-16 12:21 2016-09-13 Show GitHub Exploit DB Packet Storm
201842 4.7 警告
Local 		トレンドマイクロ - ウイルスバスター クラウドにおける検索対象に関する脆弱性 CWE-Other
その他 		- 2016-09-16 12:19 2016-09-16 Show GitHub Exploit DB Packet Storm
201843 8.8 重要
Network 		マイクロソフト - Microsoft Silverlight の StringBuilder における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2016-3367 2016-09-16 11:44 2016-09-13 Show GitHub Exploit DB Packet Storm
201844 8.8 重要
Network 		マイクロソフト - 複数の Microsoft Windows 製品の SMBv1 サーバにおける任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2016-3345 2016-09-16 11:34 2016-09-13 Show GitHub Exploit DB Packet Storm
201845 3.3
Local 		マイクロソフト - Microsoft Windows 10 の保護カーネルモード機能における重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2016-3344 2016-09-16 11:34 2016-09-13 Show GitHub Exploit DB Packet Storm
201846 6.3 警告
Physics 		マイクロソフト - 複数の Microsoft Windows 製品における任意のコードを実行される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-3302 2016-09-16 11:34 2016-09-13 Show GitHub Exploit DB Packet Storm
201847 7.4 重要
Network 		マイクロソフト - Microsoft Exchange Server 2013 および 2016 におけるオープンリダイレクトの脆弱性 CWE-20
不適切な入力確認 		CVE-2016-3378 2016-09-16 11:15 2016-09-13 Show GitHub Exploit DB Packet Storm
201848 7.5 重要
Network 		マイクロソフト - 複数の Microsoft 製品の OLE オートメーションのメカニズムおよび VBScript スクリプトエンジンにおける任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2016-3375 2016-09-16 10:26 2016-09-13 Show GitHub Exploit DB Packet Storm
201849 7.8 重要
Local 		マイクロソフト - 複数の Microsoft Excel 製品および Office 互換機能パックにおける任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2016-3381 2016-09-15 18:14 2016-09-13 Show GitHub Exploit DB Packet Storm
201850 6.5 警告
Network 		マイクロソフト - 複数の Microsoft Outlook 製品におけるウィルスまたはスパムの検出を回避される脆弱性 CWE-Other
その他 		CVE-2016-3366 2016-09-15 18:14 2016-09-13 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 20, 2026, 4:14 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1931 7.3 HIGH
Network 		- - Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using Magic Link or Pass Key methods. This bypasses the intended security … CWE-863
 Incorrect Authorization 		CVE-2025-10908 2026-05-14 00:25 2026-05-11 Show GitHub Exploit DB Packet Storm
1932 5.3 MEDIUM
Network 		- - In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses… CWE-74
Injection 		CVE-2025-8154 2026-05-14 00:25 2026-05-11 Show GitHub Exploit DB Packet Storm
1933 6.3 MEDIUM
Network 		- - The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This… CWE-281
 Improper Preservation of Permissions 		CVE-2025-8325 2026-05-14 00:25 2026-05-11 Show GitHub Exploit DB Packet Storm
1934 8.6 HIGH
Network 		- - The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control, leading to uncontrolled memory usage growth. This vulnerabilit… CWE-400
 Uncontrolled Resource Consumption 		CVE-2025-10470 2026-05-14 00:25 2026-05-11 Show GitHub Exploit DB Packet Storm
1935 6.4 MEDIUM
Adjacent 		- - Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended organizations.… CWE-284
CWE-863
Improper Access Control
 Incorrect Authorization 		CVE-2025-9973 2026-05-14 00:25 2026-05-11 Show GitHub Exploit DB Packet Storm
1936 6.1 MEDIUM
Local 		- - Issuing an ICMP ping via the `net ping` shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the d… CWE-674
 Uncontrolled Recursion 		CVE-2026-1681 2026-05-14 00:25 2026-05-12 Show GitHub Exploit DB Packet Storm
1937 8.3 HIGH
Network 		- - Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/use… CWE-269
 Improper Privilege Management 		CVE-2026-42562 2026-05-14 00:23 2026-05-10 Show GitHub Exploit DB Packet Storm
1938 - - - Pelican is a platform for creating data federations. From versions 7.21.0 to before 7.21.5, 7.22.0 to before 7.22.3, 7.23.0 to before 7.23.3, and 7.24.0 to before 7.24.2, there is a a privilege escal… CWE-863
 Incorrect Authorization 		CVE-2026-42571 2026-05-14 00:23 2026-05-10 Show GitHub Exploit DB Packet Storm
1939 7.5 HIGH
Network 		- - apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a crafted .apk could install a TypeSymlink tar entry whose target poi… CWE-22
CWE-59
Path Traversal
Link Following 		CVE-2026-42574 2026-05-14 00:23 2026-05-10 Show GitHub Exploit DB Packet Storm
1940 6.5 MEDIUM
Network 		- - apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, DiscoverKeys in pkg/apk/apk/implementation.go unconditionally type-asserts JWKS keys as *r… CWE-704
 Incorrect Type Conversion or Cast 		CVE-2026-42576 2026-05-14 00:23 2026-05-10 Show GitHub Exploit DB Packet Storm