Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 28, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
205781	6	警告	OpenStack	-	OpenStack Identity および keystonemiddleware の Identity サービスにおけるアクセス制限を回避される脆弱性	CWE-Other その他	CVE-2015-7546	2016-03-17 18:05	2015-12-15	Show	GitHub Exploit DB Packet Storm

205782	5	警告	シスコシステムズ	-	Cisco Policy Suite の password-management administration コンポーネントにおける RBAC 制限を回避される脆弱性	CWE-200 情報漏えい	CVE-2016-1357	2016-03-17 15:37	2016-03-2	Show	GitHub Exploit DB Packet Storm

205783	9.3	危険	マイクロソフト	-	Microsoft Internet Explorer 7 から 11 の CAttrArray オブジェクトの実装における任意のコードを実行される脆弱性	CWE-Other その他	CVE-2015-6184	2016-03-17 14:43	2015-10-13	Show	GitHub Exploit DB Packet Storm

205784	7.8	危険	シスコシステムズ	-	Cisco ASA 5500 デバイス用コンテンツセキュリティ & コントロールセキュリティサービスモジュールの HTTPS 検査エンジンにおけるサービス運用妨害 (DoS) の脆弱性	CWE-119 CWE-399	CVE-2016-1312	2016-03-17 14:42	2016-03-9	Show	GitHub Exploit DB Packet Storm

205785	7.5	危険	Debian Canonical Novell Igor Sysoev	-	nginx のリゾルバにおけるサービス運用妨害 (DoS) の脆弱性	CWE-Other その他	CVE-2016-0746	2016-03-17 14:15	2016-01-26	Show	GitHub Exploit DB Packet Storm

205786	9	危険	IBM	-	IBM Tivoli Monitoring のポータルクライアントにおける権限を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2015-7411	2016-03-17 14:07	2015-09-29	Show	GitHub Exploit DB Packet Storm

205787	10	危険	マイクロソフトアドビシステムズ Google	-	Adobe Flash Player および Adobe AIR における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2016-1010	2016-03-17 12:28	2016-03-10	Show	GitHub Exploit DB Packet Storm

205788	9.3	危険	マイクロソフトアドビシステムズ Google	-	Adobe Flash Player および Adobe AIR における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2016-1005	2016-03-17 12:28	2016-03-10	Show	GitHub Exploit DB Packet Storm

205789	10	危険	マイクロソフトアドビシステムズ Google	-	Adobe Flash Player および Adobe AIR における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2016-1002	2016-03-17 12:28	2016-03-10	Show	GitHub Exploit DB Packet Storm

205790	10	危険	マイクロソフトアドビシステムズ Google	-	Adobe Flash Player および Adobe AIR におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2016-1001	2016-03-17 12:28	2016-03-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 29, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
521	7.7	HIGH Network	-	-	Budibase is an open-source low-code platform. Prior to 3.34.8, the processUrlFile function in packages/server/src/automations/steps/ai/extract.ts uses fetch(fileUrl) directly without the IP blacklist… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-45548	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

522	8.2	HIGH Network	-	-	Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the output, output-all, and debug fields in model.Options … New	CWE-73 CWE-306 CWE-434 External Control of File Name or Path Missing Authentication for Critical Function Unrestricted Upload of File with Dangerous Type	CVE-2026-45089	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

523	7.5	HIGH Network	-	-	Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is run in REST API server mode, the custom-payload-file field in model.Options is JSON-tag… New	CWE-73 CWE-306 CWE-552 External Control of File Name or Path Missing Authentication for Critical Function Files or Directories Accessible to External Parties	CVE-2026-45088	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

524	6.5	MEDIUM Network	-	-	Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This… New	CWE-863 Incorrect Authorization	CVE-2026-45081	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

525	7.5	HIGH Network	-	-	bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&… New	CWE-400 Uncontrolled Resource Consumption	CVE-2026-45047	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

526	8.8	HIGH Network	-	-	elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver (elFinderVolu… New	CWE-89 SQL Injection	CVE-2026-44521	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

527	9.3	CRITICAL Network	-	-	Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous global… New	CWE-693 Protection Mechanism Failure	CVE-2026-44451	2026-05-28 03:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

528	-		-	-	Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such … New	CWE-407 Inefficient Algorithmic Complexity	CVE-2026-44378	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

529	8.8	HIGH Network	-	-	BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2 in… New	CWE-78 OS Command	CVE-2026-44345	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

530	-		-	-	Cinny is a Matrix client. Prior to 4.10.3, A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause the victim's clien… New	CWE-20 Improper Input Validation	CVE-2026-42553	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm