Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 23, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
215751	3.5	注意	apptha.com	-	WordPress 用 Apptha WordPress Video Gallery プラグインにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-9098	2014-12-1 15:08	2014-07-15	Show	GitHub Exploit DB Packet Storm

215752	7.5	危険	apptha.com	-	WordPress 用 Apptha WordPress Video Gallery プラグインにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2014-9097	2014-12-1 14:39	2014-07-23	Show	GitHub Exploit DB Packet Storm

215753	7.5	危険	Pligg	-	Pligg CMS の recover.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2014-9096	2014-12-1 14:27	2014-07-31	Show	GitHub Exploit DB Packet Storm

215754	7.5	危険	ラリタン・ジャパン株式会社	-	Raritan Power IQ における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2014-9095	2014-12-1 14:17	2014-07-16	Show	GitHub Exploit DB Packet Storm

215755	7.5	危険	The Document Foundation	-	LibreOffice におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2014-9093	2014-12-1 13:52	2014-11-19	Show	GitHub Exploit DB Packet Storm

215756	4.3	警告	Digital Zoom Studio	-	WordPress 用 Digital Zoom Studio Video Gallery プラグインにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-9094	2014-12-1 13:32	2014-05-8	Show	GitHub Exploit DB Packet Storm

215757	7.2	危険	Wibu-Systems AG	-	Wibu-Systems CodeMeter Runtime における権限を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-8419	2014-12-1 11:56	2014-11-20	Show	GitHub Exploit DB Packet Storm

215758	5.4	警告	Linux	-	Linux Kernel の net/sctp/associola.c 内の sctp_assoc_update 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-Other その他	CVE-2014-5077	2014-11-28 18:02	2014-07-22	Show	GitHub Exploit DB Packet Storm

215759	5	警告	Mozilla Foundation	-	Mozilla Firefox の Alarm API における同一生成元ポリシーを回避される脆弱性	CWE-Other その他	CVE-2014-1583	2014-11-28 17:31	2014-10-14	Show	GitHub Exploit DB Packet Storm

215760	7.5	危険	Mozilla Foundation	-	Mozilla Firefox および Thunderbird の DirectionalityUtils.cpp における任意のコードを実行される脆弱性	CWE-Other その他	CVE-2014-1581	2014-11-28 17:28	2014-10-14	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 23, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1181	5.3	MEDIUM Network	thecodingmachine	gotenberg	Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/…	CWE-22 CWE-73 Path Traversal External Control of File Name or Path	CVE-2026-42593	2026-05-18 22:01	2026-05-15	Show	GitHub Exploit DB Packet Storm

1182	8.6	HIGH Network	thecodingmachine	gotenberg	Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint (/forms/chromium/convert/url) has no default protection against HTTP/HTTPS-based S…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-42595	2026-05-18 22:01	2026-05-15	Show	GitHub Exploit DB Packet Storm

1183	5.3	MEDIUM Network	mongodb	mongodb	When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This is…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-8200	2026-05-18 22:01	2026-05-13	Show	GitHub Exploit DB Packet Storm

1184	6.5	MEDIUM Network	mongodb	mongodb	Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilizatio…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-8202	2026-05-18 21:55	2026-05-13	Show	GitHub Exploit DB Packet Storm

1185	6.5	MEDIUM Network	mongodb	mongodb	After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the se…	CWE-416 Use After Free	CVE-2026-8336	2026-05-18 21:54	2026-05-13	Show	GitHub Exploit DB Packet Storm

1186	7.5	HIGH Network	netty	netty	Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final, when decoding header blocks, the non-Huffman branch of io.netty.handler.codec.http3.QpackDecoder#decodeHuf…	CWE-770 CWE-789 Allocation of Resources Without Limits or Throttling Memory Allocation with Excessive Size Value	CVE-2026-42582	2026-05-18 21:54	2026-05-14	Show	GitHub Exploit DB Packet Storm

1187	7.5	HIGH Network	netty	netty	Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's HttpProxyHandler constructs HTTP CONNECT requests with header validation explici…	CWE-113 HTTP Response Splitting	CVE-2026-42578	2026-05-18 21:54	2026-05-14	Show	GitHub Exploit DB Packet Storm

1188	7.5	HIGH Network	netty	netty	Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Encoding, enabling request smuggling attacks…	CWE-444 HTTP Request Smuggling	CVE-2026-42585	2026-05-18 21:24	2026-05-14	Show	GitHub Exploit DB Packet Storm

1189	7.5	HIGH Network	netty	netty	Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Lz4FrameDecoder allocates a ByteBuf of size decompressedLength (up to 32 MB per block) b…	CWE-400 CWE-770 Uncontrolled Resource Consumption Allocation of Resources Without Limits or Throttling	CVE-2026-42583	2026-05-18 21:22	2026-05-14	Show	GitHub Exploit DB Packet Storm

1190	7.5	HIGH Network	netty	netty	Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation parameter to limit decompression buffer …	CWE-400 Uncontrolled Resource Consumption	CVE-2026-42587	2026-05-18 21:20	2026-05-14	Show	GitHub Exploit DB Packet Storm