Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 20, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
203431 4.3 警告
Network 		トレンドマイクロ - 企業向けウイルスバスター製品におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2016-1223 2016-06-22 17:53 2016-05-25 Show GitHub Exploit DB Packet Storm
203432 7.5 重要
Network 		Fonality - Fonality の Chrome HUDWeb プラグインにおける暗号保護メカニズムを破られる脆弱性 CWE-310
CWE-Other
CVE-2016-2364 2016-06-22 17:17 2016-06-1 Show GitHub Exploit DB Packet Storm
203433 7.8 重要
Local 		Fonality - Fonality における不特定のコマンド実行の root アクセス権を取得される脆弱性 CWE-264
CWE-Other
CVE-2016-2363 2016-06-22 17:17 2016-06-1 Show GitHub Exploit DB Packet Storm
203434 9.8 緊急
Network 		Fonality - Fonality におけるアクセス権を取得される脆弱性 CWE-Other
CWE-Other
CVE-2016-2362 2016-06-22 17:17 2016-06-1 Show GitHub Exploit DB Packet Storm
203435 7.5 重要
Network 		ネットギア - NETGEAR D3600 および D6000 デバイスのファームウェアのパスワード回復機能における平文の管理者パスワードを取得される脆弱性 CWE-200
CWE-255
CVE-2015-8289 2016-06-22 16:28 2015-11-19 Show GitHub Exploit DB Packet Storm
203436 5.9 警告
Network 		ネットギア - NETGEAR D3600 および D6000 デバイスのファームウェアにおける暗号保護メカニズムを破られる脆弱性 CWE-Other
その他 		CVE-2015-8288 2016-06-22 16:28 2015-11-19 Show GitHub Exploit DB Packet Storm
203437 6.5 警告
Network 		OSIsoft - OSIsoft PI AF Server におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2016-4518 2016-06-22 15:31 2016-06-14 Show GitHub Exploit DB Packet Storm
203438 8 重要
Network 		- HPE Service Manager ソフトウェアにおける重要な情報を取得される脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2016-4371 2016-06-22 14:47 2016-06-8 Show GitHub Exploit DB Packet Storm
203439 7.7 重要
Network 		Moxa Inc. - Moxa PT-7728 デバイスのソフトウェアにおける設定を変更される脆弱性 CWE-Other
その他 		CVE-2016-4514 2016-06-22 14:06 2016-06-16 Show GitHub Exploit DB Packet Storm
203440 4.3 警告
Network 		アップル - Apple iOS および Safari などで使用される WebKit の XSS Auditor における重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2016-1864 2016-06-22 13:41 2016-03-21 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 21, 2026, 4:10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1301 6.5 MEDIUM
Network 		open5gs open5gs A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogs_nnrf_nfm_handle_nf_profile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial… CWE-404
 Improper Resource Shutdown or Release 		CVE-2026-8291 2026-05-15 03:19 2026-05-12 Show GitHub Exploit DB Packet Storm
1302 8.8 HIGH
Network 		arubanetworks arubaos
sd-wan 		Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… CWE-77
Command Injection 		CVE-2026-44868 2026-05-15 03:17 2026-05-13 Show GitHub Exploit DB Packet Storm
1303 8.1 HIGH
Network 		- - azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access toke… CWE-208
CWE-287
CWE-290
CWE-294
CWE-347
 Information Exposure Through Timing Discrepancy
Improper Authentication
 Authentication Bypass by Spoofing
Authentication Bypass by Capture-replay 
 Improper Verification of Cryptographic Signature 		CVE-2026-42602 2026-05-15 03:17 2026-05-14 Show GitHub Exploit DB Packet Storm
1304 - - - The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix he… CWE-22
CWE-601
Path Traversal
Open Redirect 		CVE-2026-44437 2026-05-15 03:17 2026-05-14 Show GitHub Exploit DB Packet Storm
1305 - - - PlaywrightCapture is a simple replacement for splash using playwright. Prior to 1.39.6, PlaywrightCapture did not sufficiently restrict navigations and resource requests initiated by rendered pages. … CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-44439 2026-05-15 03:17 2026-05-14 Show GitHub Exploit DB Packet Storm
1306 4.3 MEDIUM
Network 		- - Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permissi… CWE-863
 Incorrect Authorization 		CVE-2026-44374 2026-05-15 03:17 2026-05-15 Show GitHub Exploit DB Packet Storm
1307 9.8 CRITICAL
Network 		- - Web::Passwd versions through 0.03 for Perl is vulnerable to RCE. Web::Passwd is a small CGI application for managing htpasswd files using the htpasswd command. The user parameter is not validated o… CWE-78
OS Command  		CVE-2026-8500 2026-05-15 03:16 2026-05-14 Show GitHub Exploit DB Packet Storm
1308 - - - CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections. CWE-331
 Insufficient Entropy 		CVE-2026-4827 2026-05-15 03:16 2026-05-12 Show GitHub Exploit DB Packet Storm
1309 7.7 HIGH
Network 		getgrav grav Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call config.toArray() from within a page body, dumping the entire mer… CWE-200
NVD-CWE-noinfo
Information Exposure 		CVE-2026-44738 2026-05-15 03:16 2026-05-12 Show GitHub Exploit DB Packet Storm
1310 2.5 LOW
Local 		- - PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in compute_hash_to_sign() in src/podofo/private/OpenSSLInternal_Ripped.cpp. If EVP_DigestFin… CWE-415
 Double Free 		CVE-2026-44348 2026-05-15 03:16 2026-05-15 Show GitHub Exploit DB Packet Storm