Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 21, 2026, 2 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
203971 8.5 危険 サイボウズ - サイボウズ ガルーンにおいて任意の PHP コードが実行される複数の脆弱性 CWE-94
コード・インジェクション 		CVE-2015-5646
CVE-2015-5647 		2016-05-30 15:33 2015-10-7 Show GitHub Exploit DB Packet Storm
203972 7.5 重要
Network 		Kazu Yamamoto
Fedora Project		 - pgpdump の buffer.c の read_binary 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2016-4021 2016-05-30 14:07 2016-04-13 Show GitHub Exploit DB Packet Storm
203973 6.1 警告
Network 		フォーティネット - Fortinet FortiSandbox の Web ユーザインターフェースにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-7360 2016-05-30 13:43 2015-07-24 Show GitHub Exploit DB Packet Storm
203974 4.7 警告
Network 		CMS Made Simple - CMS Made Simple におけるキャッシュポイズニング攻撃を実行される脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-2784 2016-05-30 13:37 2016-03-28 Show GitHub Exploit DB Packet Storm
203975 8.8 重要
Network 		シスコシステムズ - Cisco Prime Infrastructure および Evolved Programmable Network Manager の API Web インターフェースにおける RBAC 制限を回避される脆弱性 CWE-Other
その他 		CVE-2016-1406 2016-05-27 18:25 2016-05-23 Show GitHub Exploit DB Packet Storm
203976 7.5 重要
Network 		シスコシステムズ - Cisco Identity Services Engine の Active Directory 統合コンポーネントにおけるサービス運用妨害 (DoS) の脆弱性 CWE-119
CWE-287
CVE-2016-1402 2016-05-27 18:25 2016-05-17 Show GitHub Exploit DB Packet Storm
203977 6.1 警告
Network 		シスコシステムズ - Cisco Unified Computing System Central ソフトウェアの管理インターフェースにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-1401 2016-05-27 18:25 2016-05-17 Show GitHub Exploit DB Packet Storm
203978 7.5 重要
Network 		シスコシステムズ - Cisco TelePresence Video Communications Server におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2016-1400 2016-05-27 18:25 2016-05-16 Show GitHub Exploit DB Packet Storm
203979 7.5 重要
Network 		シスコシステムズ - Cisco Web セキュリティ アプライアンスデバイス上で稼動する AsyncOS におけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2016-1383 2016-05-27 18:25 2016-05-18 Show GitHub Exploit DB Packet Storm
203980 7.5 重要
Network 		シスコシステムズ - Cisco Web セキュリティ アプライアンスデバイス上で稼動する AsyncOS におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2016-1382 2016-05-27 18:25 2016-05-18 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 21, 2026, 4:10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
831 8.1 HIGH
Network 		dani-garcia vaultwarden Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's security_stamp is rotated by some security-sensitive operations (pass… Update CWE-613
 Insufficient Session Expiration 		CVE-2026-43911 2026-05-19 01:58 2026-05-12 Show GitHub Exploit DB Packet Storm
832 6.1 MEDIUM
Network 		gofiber fiber Fiber is a web framework for Go. Prior to 2.52.12 and 3.1.0, Cross-Site Scripting vulnerability in Go Fiber allows a remote attacker to inject arbitrary HTML/JavaScript by supplying Accept: text/html… Update CWE-79
Cross-site Scripting 		CVE-2026-42554 2026-05-19 01:50 2026-05-12 Show GitHub Exploit DB Packet Storm
833 5.3 MEDIUM
Network 		- - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-39608. Reason: This candidate is a reservation duplicate of CVE-2026-39608. Notes: All CVE users should reference … Update - CVE-2026-4663 2026-05-19 01:16 2026-05-12 Show GitHub Exploit DB Packet Storm
834 6.1 MEDIUM
Network 		- - fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. T… Update CWE-91
Blind XPath Injection 		CVE-2026-44665 2026-05-19 01:16 2026-05-14 Show GitHub Exploit DB Packet Storm
835 7.5 HIGH
Network 		- - Snappier is a high performance C# implementation of the Snappy compression algorithm. Prior to 1.3.1, Snappier.SnappyStream enters an uncatchable infinite loop when decompressing a malformed framed-f… Update CWE-835
 Loop with Unreachable Exit Condition ('Infinite Loop') 		CVE-2026-44302 2026-05-19 01:16 2026-05-13 Show GitHub Exploit DB Packet Storm
836 - - - efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, efw.file.FileManager.unZip writes zip entries to disk using new File(baseDir, zipEntry.getName()) with no canonical-path check. An entry … Update CWE-77
Command Injection 		CVE-2026-44257 2026-05-19 01:16 2026-05-13 Show GitHub Exploit DB Packet Storm
837 - - - DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.3.0, every IPv6 category bypasses is_url_safe. This vulnerability is fixed in 1.3.0. Update CWE-791
 Incomplete Filtering of Special Elements 		CVE-2026-44232 2026-05-19 01:16 2026-05-13 Show GitHub Exploit DB Packet Storm
838 8.6 HIGH
Network 		vm2_project vm2 vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise construct… Update CWE-248
 Uncaught Exception 		CVE-2026-44001 2026-05-19 01:16 2026-05-14 Show GitHub Exploit DB Packet Storm
839 7.5 HIGH
Network 		- - Granian is a Rust HTTP server for Python applications. From 1.2.0 to 2.7.4, Granian aborts a worker process when an unauthenticated client sends a WebSocket upgrade request whose Sec-WebSocket-Protoc… Update CWE-20
CWE-248
CWE-400
 Improper Input Validation 
 Uncaught Exception
 Uncontrolled Resource Consumption 		CVE-2026-42544 2026-05-19 01:16 2026-05-13 Show GitHub Exploit DB Packet Storm
840 10.0 CRITICAL
Network 		- - ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard … Update CWE-94
Code Injection 		CVE-2026-42288 2026-05-19 01:16 2026-05-13 Show GitHub Exploit DB Packet Storm