Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 1, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2051	5.4	警告 Network	lfprojects	mlflow	lfprojectsのmlflowにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-33865	2026-04-21 10:43	2026-04-7	Show	GitHub Exploit DB Packet Storm

2052	4.3	警告 Network	lfprojects	mlflow	lfprojectsのmlflowにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2026-33866	2026-04-21 10:43	2026-04-7	Show	GitHub Exploit DB Packet Storm

2053	9.1	緊急 Network	Mervin Praison (MervinPraison)	PraisonAI	Mervin Praison (MervinPraison)のPraisonAIにおける信頼できない制御領域からの機能の組み込みに関する脆弱性	CWE-829 信頼性のない制御領域からの機能の組み込み	CVE-2026-40313	2026-04-21 10:43	2026-04-14	Show	GitHub Exploit DB Packet Storm

2054	6.5	警告 Network	PAC4J	pac4j	PAC4Jのpac4jにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2026-40458	2026-04-21 10:43	2026-04-17	Show	GitHub Exploit DB Packet Storm

2055	8.8	重要 Network	PAC4J	pac4j	PAC4Jのpac4jにおけるLDAP インジェクションの脆弱性	CWE-90 LDAP インジェクション	CVE-2026-40459	2026-04-21 10:43	2026-04-17	Show	GitHub Exploit DB Packet Storm

2056	7.8	重要 Local	Rubicon Communications, LLC (Netgate).	NETGATE Registry Cleaner	Rubicon Communications, LLC (Netgate).のNETGATE Registry Cleanerにおける引用されない検索パスまたは要素に関する脆弱性	CWE-428 引用されない検索パスまたは要素	CVE-2016-20057	2026-04-21 10:43	2026-04-4	Show	GitHub Exploit DB Packet Storm

2057	6.1	警告 Network	Thank You/Like System project	Thank You/Like System	MyBB GroupのThank You/Like Systemにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-25247	2026-04-21 10:43	2026-04-4	Show	GitHub Exploit DB Packet Storm

2058	6.1	警告 Network	MyBB Group	MyBB Last User's Threads	MyBB GroupのMyBB Last User's Threadsにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-25250	2026-04-21 10:43	2026-04-4	Show	GitHub Exploit DB Packet Storm

2059	5.5	警告 Local	AnyBurn	AnyBurn	AnyBurnにおける再利用前に削除されていないリソース内重要情報に関する脆弱性	CWE-226 再利用前に削除されていないリソース内重要情報	CVE-2019-25657	2026-04-21 10:43	2026-04-5	Show	GitHub Exploit DB Packet Storm

2060	5.5	警告 Local	Hainsoft.com	LanHelper	Hainsoft.comのLanHelperにおける境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2019-25660	2026-04-21 10:43	2026-04-5	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 1, 2026, 4:54 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
371	5.5	MEDIUM Local	foxit	pdf_editor pdf_reader	A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution. Update	CWE-416 Use After Free	CVE-2026-5939	2026-04-30 02:28	2026-04-27	Show	GitHub Exploit DB Packet Storm

372	5.5	MEDIUM Local	foxit	pdf_editor pdf_reader	Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes. Update	CWE-416 Use After Free	CVE-2026-5940	2026-04-30 02:26	2026-04-27	Show	GitHub Exploit DB Packet Storm

373	7.1	HIGH Local	foxit	pdf_editor pdf_reader	Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during inte… Update	CWE-20 NVD-CWE-noinfo Improper Input Validation	CVE-2026-5941	2026-04-30 02:24	2026-04-27	Show	GitHub Exploit DB Packet Storm

374	5.5	MEDIUM Local	foxit	pdf_editor pdf_reader	Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program. Update	CWE-416 Use After Free	CVE-2026-5942	2026-04-30 02:18	2026-04-27	Show	GitHub Exploit DB Packet Storm

375	7.8	HIGH Local	foxit	pdf_editor pdf_reader	Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not pro… Update	CWE-416 Use After Free	CVE-2026-5943	2026-04-30 02:18	2026-04-27	Show	GitHub Exploit DB Packet Storm

376	4.7	MEDIUM Network	-	-	A vulnerability was found in SourceCodester Pizzafy Ecommerce System 1.0. Affected is the function save_menu of the file /admin/admin_class_novo.php of the component File Extension Handler. Performin… New	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2026-7393	2026-04-30 02:16	2026-04-30	Show	GitHub Exploit DB Packet Storm

377	6.3	MEDIUM Network	-	-	A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts the function delete_supplier of the file /ajax.php?action=delete_supplier. Such manipulation of … New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-7392	2026-04-30 02:16	2026-04-30	Show	GitHub Exploit DB Packet Storm

378	6.3	MEDIUM Network	-	-	A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function save_supplier of the file /ajax.php?action=save_supplier. This manipulation of the argument … New	CWE-74 CWE-89 Injection SQL Injection	CVE-2026-7391	2026-04-30 02:16	2026-04-30	Show	GitHub Exploit DB Packet Storm

379	6.1	MEDIUM Local	artifex	mupdf	A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulatio… New	CWE-119 CWE-125 Incorrect Access of Indexable Resource ('Range Error') Out-of-bounds Read	CVE-2026-7233	2026-04-30 02:15	2026-04-28	Show	GitHub Exploit DB Packet Storm

380	5.3	MEDIUM Local	openclaw	openclaw	OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit appro… Update	CWE-184 Incomplete Blacklist	CVE-2026-41332	2026-04-30 02:10	2026-04-24	Show	GitHub Exploit DB Packet Storm