Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 24, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
204321 7.5 重要
Network 		The PHP Group - PHP の Zend/zend_exceptions.c におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2015-8873 2016-05-19 17:45 2015-08-6 Show GitHub Exploit DB Packet Storm
204322 5.9 警告
Network 		The PHP Group - PHP の ext/mysqlnd/mysqlnd.c におけるサーバになりすまされる脆弱性 CWE-Other
その他 		CVE-2015-8838 2016-05-19 17:45 2015-07-9 Show GitHub Exploit DB Packet Storm
204323 9.8 緊急
Network 		The PHP Group - PHP の ext/soap/php_http.c の make_http_soap_request 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2015-8835 2016-05-19 17:45 2015-08-6 Show GitHub Exploit DB Packet Storm
204324 7.5 重要
Network 		The PHP Group
xmlsoft.org		 - PHP の ext/xsl/xsltprocessor.c の xsl_ext_function_php 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2015-6838 2016-05-19 17:45 2015-09-3 Show GitHub Exploit DB Packet Storm
204325 7.5 重要
Network 		The PHP Group
xmlsoft.org		 - PHP の ext/xsl/xsltprocessor.c の xsl_ext_function_php 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2015-6837 2016-05-19 17:45 2015-09-3 Show GitHub Exploit DB Packet Storm
204326 9.8 緊急
Network 		The PHP Group - PHP のセッションデシリアライザにおける任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2015-6835 2016-05-19 17:45 2015-09-3 Show GitHub Exploit DB Packet Storm
204327 9.8 緊急
Network 		The PHP Group - PHP の ext/phar/phar_object.c の phar_convert_to_other 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2015-5589 2016-05-19 17:45 2015-07-9 Show GitHub Exploit DB Packet Storm
204328 7.5 重要
Network 		The PHP Group
file project		 - PHP の Fileinfo コンポーネントで使用される file の softmagic.c の mget 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2015-4604 2016-05-19 17:45 2015-04-16 Show GitHub Exploit DB Packet Storm
204329 7.5 重要
Network 		The PHP Group
file project		 - PHP の Fileinfo コンポーネントで使用される file におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2014-0236 2016-05-19 17:45 2014-08-28 Show GitHub Exploit DB Packet Storm
204330 9.8 緊急
Network 		The PHP Group - PHP における任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2015-6834 2016-05-19 17:42 2015-09-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 24, 2026, 4:05 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
471 - - - mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-cont… CWE-79
Cross-site Scripting 		CVE-2026-7460 2026-05-20 23:23 2026-05-20 Show GitHub Exploit DB Packet Storm
472 8.6 HIGH
Network 		tenable terrascan Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/sca… CWE-73
CWE-610
CWE-918
 External Control of File Name or Path
Externally Controlled Reference to a Resource in Another Sphere
Server-Side Request Forgery (SSRF)  		CVE-2026-47357 2026-05-20 23:23 2026-05-20 Show GitHub Exploit DB Packet Storm
473 7.5 HIGH
Network 		mozilla firefox
thunderbird 		Spoofing issue in WebExtensions. This vulnerability was fixed in Firefox 151 and Thunderbird 151. CWE-290
 Authentication Bypass by Spoofing 		CVE-2026-8960 2026-05-20 23:20 2026-05-19 Show GitHub Exploit DB Packet Storm
474 8.6 HIGH
Network 		tenable terrascan Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM … CWE-73
CWE-610
CWE-918
 External Control of File Name or Path
Externally Controlled Reference to a Resource in Another Sphere
Server-Side Request Forgery (SSRF)  		CVE-2026-47358 2026-05-20 23:18 2026-05-20 Show GitHub Exploit DB Packet Storm
475 6.5 MEDIUM
Network 		struktur libheif libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer und… CWE-125
CWE-476
Out-of-bounds Read
 NULL Pointer Dereference 		CVE-2026-32738 2026-05-20 23:17 2026-05-20 Show GitHub Exploit DB Packet Storm
476 6.5 MEDIUM
Network 		struktur libheif libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 1… CWE-835
 Loop with Unreachable Exit Condition ('Infinite Loop') 		CVE-2026-32739 2026-05-20 23:17 2026-05-20 Show GitHub Exploit DB Packet Storm
477 6.1 MEDIUM
Network 		- - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 11.3.… CWE-79
Cross-site Scripting 		CVE-2026-6367 2026-05-20 23:17 2026-05-20 Show GitHub Exploit DB Packet Storm
478 6.1 MEDIUM
Network 		- - Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Drupal core allows Cross-Site Scripting (XSS). This issue affects Drupal core: from 8.0.0… CWE-79
Cross-site Scripting 		CVE-2026-6365 2026-05-20 23:17 2026-05-20 Show GitHub Exploit DB Packet Storm
479 6.1 MEDIUM
Network 		- - Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The html_filter function did not escape single quotes. HTML attributes inside of single quotes could… CWE-79
Cross-site Scripting 		CVE-2026-5090 2026-05-20 23:17 2026-05-20 Show GitHub Exploit DB Packet Storm
480 6.8 MEDIUM
Network 		- - Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, al… CWE-22
CWE-73
Path Traversal
 External Control of File Name or Path 		CVE-2026-35593 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm