Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 12, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
207021 4.3 警告 Mozilla Foundation - Android 上で稼働する Mozilla Firefox におけるロケーションバー属性を偽装される脆弱性 CWE-Other
その他 		CVE-2015-4476 2015-09-28 14:19 2015-09-22 Show GitHub Exploit DB Packet Storm
207022 10 危険 横河電機株式会社 - CENTUM を含む複数の YOKOGAWA 製品の通信機能に複数の脆弱性 - CVE-2015-5626
CVE-2015-5627
CVE-2015-5628 		2015-09-28 13:49 2015-09-10 Show GitHub Exploit DB Packet Storm
207023 10 危険 マイクロソフト
アドビシステムズ
Google		 - Adobe Flash Player および Adobe AIR における任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2015-6682 2015-09-25 15:39 2015-09-21 Show GitHub Exploit DB Packet Storm
207024 5 警告 マイクロソフト
アドビシステムズ
Google		 - Adobe Flash Player および Adobe AIR における同一生成元ポリシーを回避される脆弱性 CWE-200
情報漏えい 		CVE-2015-6679 2015-09-25 15:39 2015-09-21 Show GitHub Exploit DB Packet Storm
207025 10 危険 マイクロソフト
アドビシステムズ
Google		 - Adobe Flash Player および Adobe AIR におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2015-6678 2015-09-25 15:39 2015-09-21 Show GitHub Exploit DB Packet Storm
207026 10 危険 マイクロソフト
アドビシステムズ
Google		 - Adobe Flash Player および Adobe AIR における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2015-6677 2015-09-25 15:39 2015-09-21 Show GitHub Exploit DB Packet Storm
207027 10 危険 マイクロソフト
アドビシステムズ
Google		 - Adobe Flash Player および Adobe AIR におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2015-6676 2015-09-25 15:39 2015-09-21 Show GitHub Exploit DB Packet Storm
207028 10 危険 マイクロソフト
アドビシステムズ
Google		 - Adobe Flash Player および Adobe AIR における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2015-5588 2015-09-25 15:39 2015-09-21 Show GitHub Exploit DB Packet Storm
207029 10 危険 マイクロソフト
アドビシステムズ
Google		 - Adobe Flash Player および Adobe AIR におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2015-5587 2015-09-25 15:39 2015-09-21 Show GitHub Exploit DB Packet Storm
207030 10 危険 マイクロソフト
アドビシステムズ
Google		 - Adobe Flash Player および Adobe AIR における任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2015-5584 2015-09-25 15:39 2015-09-21 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 13, 2026, 5:05 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
301 9.8 CRITICAL
Network 		- - JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accept… New CWE-200
CWE-312
CWE-522
CWE-532
Information Exposure
 Cleartext Storage of Sensitive Information
 Insufficiently Protected Credentials
 Inclusion of Sensitive Information in Log Files 		CVE-2026-43992 2026-05-13 02:16 2026-05-13 Show GitHub Exploit DB Packet Storm
302 8.4 HIGH
Local 		- - JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constru… New CWE-78
CWE-184
OS Command 
 Incomplete Blacklist 		CVE-2026-43991 2026-05-13 02:16 2026-05-13 Show GitHub Exploit DB Packet Storm
303 8.4 HIGH
Local 		- - JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run_command wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument… New CWE-77
CWE-78
Command Injection
OS Command  		CVE-2026-43990 2026-05-13 02:16 2026-05-13 Show GitHub Exploit DB Packet Storm
304 8.5 HIGH
Local 		- - JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved t… New CWE-20
CWE-22
CWE-59
CWE-73
 Improper Input Validation 
Path Traversal
Link Following
 External Control of File Name or Path 		CVE-2026-43989 2026-05-13 02:16 2026-05-13 Show GitHub Exploit DB Packet Storm
305 6.2 MEDIUM
Local 		- - jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachab… New CWE-674
 Uncontrolled Recursion 		CVE-2026-43896 2026-05-13 02:16 2026-05-12 Show GitHub Exploit DB Packet Storm
306 6.5 MEDIUM
Network 		- - Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in t… New CWE-863
 Incorrect Authorization 		CVE-2026-42883 2026-05-13 02:16 2026-05-12 Show GitHub Exploit DB Packet Storm
307 8.5 HIGH
Network 		- - Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply … New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42858 2026-05-13 02:16 2026-05-12 Show GitHub Exploit DB Packet Storm
308 - - - Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allo… New CWE-284
Improper Access Control 		CVE-2026-40300 2026-05-13 02:16 2026-05-13 Show GitHub Exploit DB Packet Storm
309 5.3 MEDIUM
Network 		- - Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hustle: through 7.8.10.1. New CWE-862
 Missing Authorization 		CVE-2026-25431 2026-05-13 02:16 2026-05-13 Show GitHub Exploit DB Packet Storm
310 - - - Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with a… New CWE-476
 NULL Pointer Dereference 		CVE-2026-20914 2026-05-13 02:16 2026-05-13 Show GitHub Exploit DB Packet Storm