Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 31, 2026, 2 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
220391	7.5	危険	Google	-	Google Chrome の net/base/escape.cc の UnescapeURLWithOffsetsImpl 関数における URL を偽装される脆弱性	CWE-20 不適切な入力確認	CVE-2014-1723	2014-04-11 14:58	2014-04-8	Show	GitHub Exploit DB Packet Storm

220392	7.5	危険	Google	-	Google Chrome のソフトウェアコンポジタにおける整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2014-1718	2014-04-11 14:58	2014-04-8	Show	GitHub Exploit DB Packet Storm

220393	5	警告	Google	-	Google Chrome で使用される Blink の wtf/text/Base64.cpp の base64DecodeInternal 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2014-1725	2014-04-11 14:58	2014-04-8	Show	GitHub Exploit DB Packet Storm

220394	7.5	危険	Google	-	Google Chrome で使用される Blink の core/rendering/RenderBlock.cpp におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2014-1722	2014-04-11 14:58	2014-04-8	Show	GitHub Exploit DB Packet Storm

220395	4.3	警告	Google	-	Google Chrome の drag の実装における同一生成元ポリシーを回避される脆弱性	CWE-DesignError	CVE-2014-1726	2014-04-11 14:58	2014-04-8	Show	GitHub Exploit DB Packet Storm

220396	7.5	危険	Google	-	Google Chrome の content/renderer/renderer_webcolorchooser_impl.h におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2014-1727	2014-04-11 14:58	2014-04-8	Show	GitHub Exploit DB Packet Storm

220397	7.5	危険	Google	-	Google Chrome で使用される Google V8 におけるサービス運用妨害 (DoS) の脆弱性	CWE-189 数値処理の問題	CVE-2014-1717	2014-04-11 14:58	2014-04-8	Show	GitHub Exploit DB Packet Storm

220398	7.5	危険	Google	-	Google Chrome におけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2014-1728	2014-04-11 14:58	2014-04-8	Show	GitHub Exploit DB Packet Storm

220399	7.5	危険	Google	-	Google Chrome で使用される Google V8 の runtime.cc におけるクロスサイトスクリプティングの脆弱性	CWE-94 コード・インジェクション	CVE-2014-1716	2014-04-11 14:58	2014-04-8	Show	GitHub Exploit DB Packet Storm

220400	7.5	危険	Google	-	Google Chrome で使用される Google V8 におけるサービス運用妨害 (DoS) の脆弱性	CWE-189 数値処理の問題	CVE-2014-1721	2014-04-11 14:58	2014-04-8	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 31, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
3021	-		-	-	Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially crafted SQL query. This causes the Pro Clou…	CWE-228 Improper Handling of Syntactically Invalid Structure	CVE-2026-42100	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

3022	3.9	LOW Local	-	-	FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. The app…	CWE-79 Cross-site Scripting	CVE-2026-27964	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

3023	6.5	MEDIUM Network	-	-	FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC meta…	CWE-200 CWE-212 Information Exposure Improper Removal of Sensitive Information Before Storage or Transfer	CVE-2026-27892	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

3024	5.3	MEDIUM Network	-	-	Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unpriv…	CWE-200 CWE-524 CWE-672 Information Exposure Use of Cache Containing Sensitive Information Operation on a Resource after Expiration or Release	CVE-2026-32244	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

3025	-		-	-	Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature…	CWE-862 Missing Authorization	CVE-2026-33514	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

3026	10.0	CRITICAL Network	-	-	HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated rem…	CWE-502 Deserialization of Untrusted Data	CVE-2026-43633	2026-05-19 23:43	2026-05-19	Show	GitHub Exploit DB Packet Storm

3027	6.5	MEDIUM Network	vercel	turborepo	Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the l…	CWE-352 CWE-384 Origin Validation Error Session Fixation	CVE-2026-45773	2026-05-19 23:41	2026-05-16	Show	GitHub Exploit DB Packet Storm

3028	9.8	CRITICAL Network	vercel	turborepo	Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted reposi…	CWE-426 Untrusted Search Path	CVE-2026-45772	2026-05-19 23:41	2026-05-16	Show	GitHub Exploit DB Packet Storm

3029	7.5	HIGH Network	ws_project	ws	ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the…	CWE-908 Use of Uninitialized Resource	CVE-2026-45736	2026-05-19 23:39	2026-05-16	Show	GitHub Exploit DB Packet Storm

3030	7.5	HIGH Network	-	-	The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like…	-	CVE-2025-15609	2026-05-19 23:38	2026-05-19	Show	GitHub Exploit DB Packet Storm