Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 27, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
250411 5 警告 Opera Software ASA - Opera におけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2010-4582 2012-03-27 18:42 2010-12-16 Show GitHub Exploit DB Packet Storm
250412 10 危険 Opera Software ASA - Opera における詳細不明の脆弱性 CWE-noinfo
情報不足 		CVE-2010-4581 2012-03-27 18:42 2010-12-16 Show GitHub Exploit DB Packet Storm
250413 5 警告 Opera Software ASA - Opera における重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2010-4580 2012-03-27 18:42 2010-12-16 Show GitHub Exploit DB Packet Storm
250414 5 警告 Opera Software ASA - Opera における巧妙に細工された Web サイトと通信される脆弱性 CWE-DesignError
CVE-2010-4579 2012-03-27 18:42 2010-12-16 Show GitHub Exploit DB Packet Storm
250415 10 危険 Google - Google Chrome および Chrome OS におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2010-4578 2012-03-27 18:42 2010-12-21 Show GitHub Exploit DB Packet Storm
250416 5 警告 Google - Google Chrome および Chrome OS の browser/worker_host/message_port_dispatcher.cc におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2010-4576 2012-03-27 18:42 2010-12-21 Show GitHub Exploit DB Packet Storm
250417 4.3 警告 Google - Google Chrome および Chrome OS のbrowser/extensions/theme_installed_infobar_delegate.cc におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2010-4575 2012-03-27 18:42 2010-12-21 Show GitHub Exploit DB Packet Storm
250418 7.5 危険 Google - Google Chrome および Chrome OS の Pickle::Pickle 関数におけるメッセージの非シリアル化検証を回避される脆弱性 CWE-189
数値処理の問題 		CVE-2010-4574 2012-03-27 18:42 2010-12-21 Show GitHub Exploit DB Packet Storm
250419 9.3 危険 VMware - VMware ESXi の Update Installer におけるアクセスを取得される脆弱性 CWE-287
不適切な認証 		CVE-2010-4573 2012-03-27 18:42 2010-12-21 Show GitHub Exploit DB Packet Storm
250420 9.3 危険 シトリックス・システムズ - Citrix Access Gateway の Web 認証フォームにおける任意のコマンドを実行される脆弱性 CWE-noinfo
情報不足 		CVE-2010-4566 2012-03-27 18:42 2010-12-14 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 28, 2026, 4:16 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1821 6.8 MEDIUM
Network 		- - Trilium Notes is an open-source, cross-platform hierarchical note taking application for building large personal knowledge bases. Versions 0.102.1 and prior are vulnerable to Local File Inclusion, al… CWE-22
CWE-73
Path Traversal
 External Control of File Name or Path 		CVE-2026-35593 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1822 6.8 MEDIUM
Network 		- - EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below allow authenticated users to upload SVG attachments through normal attachment-capable fields and later… CWE-79
Cross-site Scripting 		CVE-2026-33741 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1823 6.5 MEDIUM
Network 		- - libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to … CWE-200
CWE-908
Information Exposure
 Use of Uninitialized Resource 		CVE-2026-32814 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1824 9.1 CRITICAL
Network 		- - API endpoints in LalanaChami Pharmacy Management System (commit 5c3d028) lack authentication middleware. Unauthenticated remote attackers can exploit this to dump all user records (including bcrypt p… CWE-306
Missing Authentication for Critical Function 		CVE-2026-31071 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1825 9.8 CRITICAL
Network 		- - The LalanaChami Pharmacy Management System (commit 5c3d028) allows unauthenticated remote attackers to escalate privileges by self-assigning an administrative role during registration. The /api/user/… CWE-269
 Improper Privilege Management 		CVE-2026-31070 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1826 8.8 HIGH
Network 		- - BillaBear (all versions prior to Jan 2026) contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpo… CWE-89
SQL Injection 		CVE-2026-31069 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1827 9.8 CRITICAL
Network 		- - scalar/astro v0.1.13 was discovered to contain a Server-Side Request Forgery (SSRF) in the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows unauthenticated attackers… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-30118 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1828 9.8 CRITICAL
Network 		- - scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the the scalar_url query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execut… CWE-94
Code Injection 		CVE-2026-30117 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1829 4.6 MEDIUM
Physics 		- - Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. A… CWE-1284
 Improper Validation of Specified Quantity in Input 		CVE-2025-15645 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm
1830 6.5 MEDIUM
Network 		- - Ledger Live with vulnerable versions of ledgerhq/hw-app-eth prior to 6.34.7 contains an integer parsing vulnerability that allows attackers to manipulate EIP-712 typed data messages by exploiting inc… CWE-704
 Incorrect Type Conversion or Cast 		CVE-2023-7345 2026-05-20 23:16 2026-05-20 Show GitHub Exploit DB Packet Storm