Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 9, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
207741 5 警告 Ruby on Rails project - Ruby on Rails の Active Support の jdom.rb および rexml.rb コンポーネントにおけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2015-3227 2015-07-28 17:04 2015-06-16 Show GitHub Exploit DB Packet Storm
207742 4.3 警告 Ruby on Rails project - Ruby on Rails の Active Support の json/encoding.rb におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-3226 2015-07-28 17:04 2015-06-16 Show GitHub Exploit DB Packet Storm
207743 5 警告 Rack
Ruby on Rails project		 - Ruby on Rails などの製品で使用される Rack の lib/rack/utils.rb におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2015-3225 2015-07-28 17:04 2015-06-16 Show GitHub Exploit DB Packet Storm
207744 4.3 警告 Ruby on Rails project - Ruby on Rails で使用される Web Console の request.rb における whitelisted_ips 保護メカニズムを回避される脆弱性 CWE-Other
その他 		CVE-2015-3224 2015-07-28 17:04 2015-06-16 Show GitHub Exploit DB Packet Storm
207745 5 警告 Ruby on Rails project - Ruby on Rails で使用される jquery-rails の jquery_ujs.js および jquery-ujs の rails.js における同一生成元ポリシーを回避される脆弱性 CWE-200
情報漏えい 		CVE-2015-1840 2015-07-28 17:04 2015-06-16 Show GitHub Exploit DB Packet Storm
207746 4.3 警告 Nucleus - Nucleus CMS におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-5454 2015-07-28 14:51 2015-06-26 Show GitHub Exploit DB Packet Storm
207747 6.8 警告 Honeywell International Inc. - Honeywell Tuxedo Touch におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2015-2848 2015-07-28 14:47 2015-07-24 Show GitHub Exploit DB Packet Storm
207748 5 警告 Honeywell International Inc. - Honeywell Tuxedo Touch におけるアクセス制限を回避される脆弱性 CWE-Other
その他 		CVE-2015-2847 2015-07-28 14:46 2015-07-24 Show GitHub Exploit DB Packet Storm
207749 5 警告 IBM - Android 用 IBM Maximo Anywhere アプリケーションにおけるパスコード保護メカニズムを回避される脆弱性 CWE-200
情報漏えい 		CVE-2015-4945 2015-07-28 14:42 2015-07-21 Show GitHub Exploit DB Packet Storm
207750 4.9 警告 Linux - Linux Kernel の arch/x86/kvm/lapic.h 内の kvm_apic_has_events 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2015-4692 2015-07-28 14:42 2015-05-30 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 9, 2026, 5:07 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
871 - - - A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id at… New CWE-122
CWE-843
Heap-based Buffer Overflow
Type Confusion 		CVE-2026-6210 2026-05-8 00:10 2026-05-6 Show GitHub Exploit DB Packet Storm
872 6.5 MEDIUM
Network 		- - Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to C… Update CWE-1236
 Improper Neutralization of Formula Elements in a CSV File 		CVE-2026-27644 2026-05-8 00:09 2026-05-5 Show GitHub Exploit DB Packet Storm
873 5.4 MEDIUM
Network 		- - Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper … Update CWE-91
Blind XPath Injection 		CVE-2026-27693 2026-05-8 00:09 2026-05-5 Show GitHub Exploit DB Packet Storm
874 5.4 MEDIUM
Network 		- - Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver n… Update CWE-79
Cross-site Scripting 		CVE-2026-27694 2026-05-8 00:09 2026-05-5 Show GitHub Exploit DB Packet Storm
875 7.5 HIGH
Network 		- - NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.39, the queryParentSQL() function in the core database package co… New CWE-89
SQL Injection 		CVE-2026-41640 2026-05-8 00:08 2026-05-7 Show GitHub Exploit DB Packet Storm
876 - - - Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._red… Update CWE-601
Open Redirect 		CVE-2025-61669 2026-05-8 00:07 2026-05-6 Show GitHub Exploit DB Packet Storm
877 - - - Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured root_d… New CWE-22
Path Traversal 		CVE-2026-35397 2026-05-8 00:07 2026-05-6 Show GitHub Exploit DB Packet Storm
878 - - - Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, the Origin header validation uses Python's re.match() to check incoming origins against the allow_origin_pa… New CWE-777
CVE-2026-40110 2026-05-8 00:07 2026-05-6 Show GitHub Exploit DB Packet Storm
879 - - - In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 an… New CWE-79
Cross-site Scripting 		CVE-2026-40171 2026-05-8 00:07 2026-05-7 Show GitHub Exploit DB Packet Storm
880 - - - OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the `/openmrs/moduleResources/{moduleid}` endpoint is vulnera… New CWE-22
Path Traversal 		CVE-2026-40075 2026-05-8 00:06 2026-05-6 Show GitHub Exploit DB Packet Storm