Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 12, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
212831 5.4 警告 ngemc - Android 用 My NGEMC Account アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7449 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
212832 5.4 警告 Magzter Inc. - Android 用 DealSide Institutional アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7448 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
212833 5.4 警告 dattch - Android 用 Dattch - The Lesbian App アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7447 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
212834 5.4 警告 bilingual magic ball project - Android 用 Bilingual Magic Ball アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7446 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
212835 5.4 警告 jowangel - Android 用 LEGEND OF TRANCE アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7445 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
212836 5.4 警告 Baidu, Inc. - Android 用 Baidu Navigation アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7444 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
212837 5.4 警告 face fun photo collage maker project - Android 用 Face Fun Photo Collage Maker 2 アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7443 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
212838 5.4 警告 pakan ken tube project - Android 用 Pakan Ken Tube アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7441 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
212839 5.4 警告 beneplus - Android 用 bene+ odmeny a slevy アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7439 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
212840 5.4 警告 love horoscope guide project - Android 用 Love Horoscope Guide アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7437 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 13, 2026, 5:05 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1211 7.5 HIGH
Network 		- - Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malici… New CWE-770
CWE-789
 Allocation of Resources Without Limits or Throttling
 Memory Allocation with Excessive Size Value 		CVE-2026-42189 2026-05-12 01:17 2026-05-9 Show GitHub Exploit DB Packet Storm
1212 7.5 HIGH
Network 		- - LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% block %} causes an infinite recursive loo… New CWE-674
 Uncontrolled Recursion 		CVE-2026-41311 2026-05-12 01:17 2026-05-9 Show GitHub Exploit DB Packet Storm
1213 - - - Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitat… New CWE-79
Cross-site Scripting 		CVE-2026-3320 2026-05-12 01:17 2026-05-12 Show GitHub Exploit DB Packet Storm
1214 - - - Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploi… New CWE-79
Cross-site Scripting 		CVE-2026-3319 2026-05-12 01:17 2026-05-12 Show GitHub Exploit DB Packet Storm
1215 - - - Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craf… New - CVE-2026-31247 2026-05-12 01:17 2026-05-12 Show GitHub Exploit DB Packet Storm
1216 - - - GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system… New - CVE-2026-31246 2026-05-12 01:17 2026-05-12 Show GitHub Exploit DB Packet Storm
1217 6.4 MEDIUM
Adjacent 		- - Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended organizations.… New CWE-284
CWE-863
Improper Access Control
 Incorrect Authorization 		CVE-2025-9973 2026-05-12 01:17 2026-05-11 Show GitHub Exploit DB Packet Storm
1218 - - - Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-21709. Reason: This record is a duplicate of CVE-2026-21709. Notes: All CVE users should reference CVE-2026-21709 instead of this rec… New - CVE-2025-63750 2026-05-12 01:17 2026-05-12 Show GitHub Exploit DB Packet Storm
1219 8.1 HIGH
Network 		weblate weblate Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial p… Update CWE-20
CWE-918
 Improper Input Validation 
Server-Side Request Forgery (SSRF)  		CVE-2026-41654 2026-05-12 00:30 2026-05-8 Show GitHub Exploit DB Packet Storm
1220 6.5 MEDIUM
Network 		mongodb mongodb An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whe… Update CWE-476
 NULL Pointer Dereference 		CVE-2026-8063 2026-05-12 00:26 2026-05-7 Show GitHub Exploit DB Packet Storm