Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 11, 2026, 6:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
207241 6.8 警告 Google - Google Chrome の PDFium で使用される OpenJPEG の j2k.c におけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2015-1273 2015-09-3 17:07 2015-07-21 Show GitHub Exploit DB Packet Storm
207242 7.5 危険 Google - Google Chrome の GPU プロセスの実装におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2015-1272 2015-09-3 17:07 2015-07-21 Show GitHub Exploit DB Packet Storm
207243 6.8 警告 Google - Google Chrome で使用される PDFium におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2015-1271 2015-09-3 17:07 2015-07-21 Show GitHub Exploit DB Packet Storm
207244 10 危険 アドビシステムズ - Adobe Flash Player (ByteArray) に解放済みメモリ使用 (use-after-free) の脆弱性 CWE-119
バッファエラー 		CVE-2015-5119 2015-09-3 16:40 2015-07-7 Show GitHub Exploit DB Packet Storm
207245 7.2 危険 マイクロソフト - Windows の Adobe Type Manager モジュールに特権昇格の脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2015-2387 2015-09-3 16:40 2015-07-14 Show GitHub Exploit DB Packet Storm
207246 4.3 警告 Widgets project - MediaWiki 用 Widgets エクステンションにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-6737 2015-09-3 16:19 2015-08-10 Show GitHub Exploit DB Packet Storm
207247 5 警告 Quiz project - MediaWiki 用 Quiz エクステンションにおけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2015-6736 2015-09-3 16:19 2015-08-10 Show GitHub Exploit DB Packet Storm
207248 5 警告 TimedMediaHandler project - MediaWiki 用 TimedMediaHandler エクステンションのリセット機能におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2015-6735 2015-09-3 16:19 2015-08-10 Show GitHub Exploit DB Packet Storm
207249 4.3 警告 Nigel McNie
MediaWiki		 - SyntaxHighlight_GeSHi エクステンションおよび MediaWiki で使用される GeSHi の contrib/cssgen.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-6734 2015-09-3 16:19 2015-08-10 Show GitHub Exploit DB Packet Storm
207250 5 警告 Nigel McNie
MediaWiki		 - SyntaxHighlight_GeSHi エクステンションおよび MediaWiki で使用される GeSHi におけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2015-6733 2015-09-3 16:19 2015-08-10 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 12, 2026, 5:06 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
541 7.2 HIGH
Network 		- - A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cann… Update CWE-912
 Hidden Functionality 		CVE-2026-7413 2026-05-9 08:16 2026-05-8 Show GitHub Exploit DB Packet Storm
542 6.6 MEDIUM
Local 		- - Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 enc… New CWE-122
CWE-190
Heap-based Buffer Overflow
 Integer Overflow or Wraparound 		CVE-2026-45130 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
543 3.8 LOW
Network 		- - SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If th… New CWE-269
 Improper Privilege Management 		CVE-2026-44987 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
544 - - - Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick… New CWE-78
OS Command  		CVE-2026-44656 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
545 8.9 HIGH
Network 		- - Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their ow… New CWE-79
Cross-site Scripting 		CVE-2026-42556 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
546 9.9 CRITICAL
Network 		- - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate t… New CWE-78
OS Command  		CVE-2026-42454 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
547 8.1 HIGH
Network 		- - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, /users/login issues a temporary JWT (temp_token) for TOTP-enabled… New CWE-304
 Missing Critical Step in Authentication 		CVE-2026-42452 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
548 6.3 MEDIUM
Local 		- - Grimmory is a self-hosted digital library. Prior to version 2.3.1, a stored cross-site scripting (XSS) vulnerability in Grimmory's browser-based EPUB reader allows an attacker to embed arbitrary Java… New CWE-79
CWE-80
Cross-site Scripting
Basic XSS 		CVE-2026-42451 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
549 9.1 CRITICAL
Network 		- - Sentry is an error tracking and performance monitoring tool. From version 21.12.0 to before version 26.4.1, a critical vulnerability was discovered in the SAML SSO implementation of Sentry. The vulne… New CWE-290
 Authentication Bypass by Spoofing 		CVE-2026-42354 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
550 8.6 HIGH
Network 		- - pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to reques… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42352 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm