Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 27, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
208831	4.3	警告	シマンテック	-	Symantec Web Gateway アプライアンスのソフトウェア上で稼動する管理コンソールの PHP スクリプトにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-5691	2015-09-29 15:05	2015-09-16	Show	GitHub Exploit DB Packet Storm

208832	8.5	危険	シマンテック	-	Symantec Web Gateway アプライアンスのソフトウェア上で稼動する管理コンソールにおけるアクセス制限を回避される脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2015-5690	2015-09-29 15:05	2015-09-16	Show	GitHub Exploit DB Packet Storm

208833	6.8	警告	シマンテック	-	Symantec Ghost Solutions Suite および Symantec Deployment Solution の Ghost Explorer ユーティリティの ghostexp.exe における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2015-5689	2015-09-29 15:05	2015-09-2	Show	GitHub Exploit DB Packet Storm

208834	6.5	警告	シマンテック	-	Symantec Endpoint Protection の Manager コンポーネントの PHP スクリプトにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2014-9229	2015-09-29 15:05	2014-12-3	Show	GitHub Exploit DB Packet Storm

208835	4.9	警告	シマンテック	-	Symantec Endpoint Protection の Manager コンポーネントの sysplant.sys におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2014-9228	2015-09-29 15:05	2014-12-3	Show	GitHub Exploit DB Packet Storm

208836	4.4	警告	シマンテック	-	Symantec Endpoint Protection の Manager コンポーネントにおける権限を取得される脆弱性	CWE-Other その他	CVE-2014-9227	2015-09-29 15:05	2014-12-3	Show	GitHub Exploit DB Packet Storm

208837	4.3	警告	Securifi	-	Securifi Almond および Almond-2015 デバイスのファームウェアにおけるクリックジャッキング攻撃を実行される脆弱性	CWE-20 不適切な入力確認	CVE-2015-2917	2015-09-29 11:50	2015-09-10	Show	GitHub Exploit DB Packet Storm

208838	6.8	警告	Securifi	-	Securifi Almond および Almond-2015 デバイスのファームウェアにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2015-2916	2015-09-29 11:50	2015-09-10	Show	GitHub Exploit DB Packet Storm

208839	7.3	危険	Securifi	-	Securifi Almond および Almond-2015 デバイスのファームウェアにおける Web 管理のアクセス権を取得される脆弱性	CWE-255 証明書・パスワード管理	CVE-2015-2915	2015-09-29 11:50	2015-09-10	Show	GitHub Exploit DB Packet Storm

208840	5	警告	Securifi	-	Securifi Almond および Almond-2015 デバイスのファームウェアにおけるレスポンスを偽装される脆弱性	CWE-Other その他	CVE-2015-2914	2015-09-29 11:50	2015-09-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 28, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2701	7.5	HIGH Network	microsoft	windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2025	Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.	CWE-476 NULL Pointer Dereference	CVE-2026-40405	2026-05-16 00:20	2026-05-13	Show	GitHub Exploit DB Packet Storm

2702	7.5	HIGH Network	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.	CWE-416 Use After Free	CVE-2026-40406	2026-05-16 00:20	2026-05-13	Show	GitHub Exploit DB Packet Storm

2703	7.8	HIGH Local	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.	CWE-122 Heap-based Buffer Overflow	CVE-2026-40407	2026-05-16 00:19	2026-05-13	Show	GitHub Exploit DB Packet Storm

2704	9.1	CRITICAL Network	-	-	Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens…	CWE-94 Code Injection	CVE-2026-8634	2026-05-16 00:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

2705	4.3	MEDIUM Network	-	-	SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate…	CWE-863 Incorrect Authorization	CVE-2026-45148	2026-05-16 00:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

2706	7.5	HIGH Network	-	-	libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciou…	CWE-190 Integer Overflow or Wraparound	CVE-2026-44673	2026-05-16 00:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

2707	-		-	-	SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View (AV / database) names without any HTML escape, then a render template uses raw strings.…	CWE-79 CWE-94 CWE-1188 Cross-site Scripting Code Injection Insecure Default Initialization of Resource	CVE-2026-44670	2026-05-16 00:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

2708	-		-	-	HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString() function in convertCore.php is missing backtick (`) and tab (\t) from its …	CWE-78 OS Command	CVE-2026-44666	2026-05-16 00:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

2709	-		-	-	SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decode…	CWE-79 CWE-116 CWE-1188 Cross-site Scripting Improper Encoding or Escaping of Output Insecure Default Initialization of Resource	CVE-2026-44588	2026-05-16 00:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

2710	10.0	CRITICAL Network	-	-	Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secr…	CWE-326 CWE-345 Inadequate Encryption Strength Insufficient Verification of Data Authenticity	CVE-2026-44523	2026-05-16 00:16	2026-05-15	Show	GitHub Exploit DB Packet Storm