Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 14, 2026, 12:08 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2661	6.5	警告 Network	jellyfin	jellyfin	jellyfinにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2026-35034	2026-04-27 11:22	2026-04-14	Show	GitHub Exploit DB Packet Storm

2662	8.8	重要 Network	Glances project	Glances	Nicolas Hennion (nicolargo)のGlancesにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-35587	2026-04-27 11:21	2026-04-21	Show	GitHub Exploit DB Packet Storm

2663	9.3	緊急 Network	nanobot	nanobot	nanobotにおける WebSocket でのオリジン検証の欠如に関する脆弱性	CWE-1385 WebSocket でのオリジン検証の欠如	CVE-2026-35589	2026-04-27 11:21	2026-04-14	Show	GitHub Exploit DB Packet Storm

2664	8.8	重要 Network	webkul	krayin crm	webkulのkrayin crmにおける複数の脆弱性	CWE-269 CWE-639	CVE-2026-38529	2026-04-27 11:21	2026-04-14	Show	GitHub Exploit DB Packet Storm

2665	8.1	重要 Network	webkul	krayin crm	webkulのkrayin crmにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-38530	2026-04-27 11:21	2026-04-14	Show	GitHub Exploit DB Packet Storm

2666	8.1	重要 Network	webkul	krayin crm	webkulのkrayin crmにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-38532	2026-04-27 11:21	2026-04-14	Show	GitHub Exploit DB Packet Storm

2667	5.4	警告 Network	Istio	Istio	Istioにおける複数の脆弱性	CWE-185 CWE-863	CVE-2026-39350	2026-04-27 11:21	2026-04-15	Show	GitHub Exploit DB Packet Storm

2668	6.5	警告 Network	Project Jupyter	nbconvert	Project Jupyterのnbconvertにおける複数の脆弱性	CWE-22 CWE-73	CVE-2026-39377	2026-04-27 11:21	2026-04-21	Show	GitHub Exploit DB Packet Storm

2669	6.5	警告 Network	Project Jupyter	nbconvert	Project Jupyterのnbconvertにおける複数の脆弱性	CWE-22 CWE-73	CVE-2026-39378	2026-04-27 11:21	2026-04-21	Show	GitHub Exploit DB Packet Storm

2670	7.2	重要 Network	boidcms	boidcms	boidcmsにおけるPHP リモートファイルインクルージョンの脆弱性	CWE-98 PHP リモートファイルインクルージョン	CVE-2026-39387	2026-04-27 11:21	2026-04-14	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 14, 2026, 4 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
350771	-	sas	base integration_technologies	sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.	NVD-CWE-Other	CVE-2002-2017	2008-09-6 05:32	2002-12-31	Show	GitHub Exploit DB Packet Storm

350772	-	sas	base integration_technologies	sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault.	NVD-CWE-Other	CVE-2002-2018	2008-09-6 05:32	2002-12-31	Show	GitHub Exploit DB Packet Storm

350773	-	netgear	rp114	Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the…	NVD-CWE-Other	CVE-2002-2020	2008-09-6 05:32	2002-12-31	Show	GitHub Exploit DB Packet Storm

350774	-	woltlab	burning_board	Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbboard) 1.1.1 allows remote attackers to inject arbitrary web script or HTML via the message parameter.	NVD-CWE-Other	CVE-2002-2021	2008-09-6 05:32	2002-12-31	Show	GitHub Exploit DB Packet Storm

350775	-	kaffe	kaffe_openvm	Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows local users to execute arbitrary code, when a java.lang.NoClassDefFoundError is thrown, via format specifiers in the forName attri…	NVD-CWE-Other	CVE-2002-2022	2008-09-6 05:32	2002-12-31	Show	GitHub Exploit DB Packet Storm

350776	-	yamaguchi	shingo_beep2	The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors.	NVD-CWE-Other	CVE-2002-2023	2008-09-6 05:32	2002-12-31	Show	GitHub Exploit DB Packet Storm

350777	-	browseftp	browseftp_client	Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to execute arbitrary code via a long FTP "220" message reply.	NVD-CWE-Other	CVE-2002-2026	2008-09-6 05:32	2002-12-31	Show	GitHub Exploit DB Packet Storm

350778	-	doow	doow	Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not properly verify user permissions, which allows remote attackers to perform unauthorized activities.	NVD-CWE-Other	CVE-2002-2027	2008-09-6 05:32	2002-12-31	Show	GitHub Exploit DB Packet Storm

350779	-	apache	http_server	PHP, when installed on Windows with Apache and ScriptAlias for /php/ set to c:/php/, allows remote attackers to read arbitrary files and possibly execute arbitrary programs via an HTTP request for ph…	NVD-CWE-Other	CVE-2002-2029	2008-09-6 05:32	2002-12-31	Show	GitHub Exploit DB Packet Storm

350780	-	sqldata	sqldata_enterprise_server	Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows remote attacker to execute arbitrary code and cause a denial of service via a long HTTP request.	NVD-CWE-Other	CVE-2002-2030	2008-09-6 05:32	2002-12-31	Show	GitHub Exploit DB Packet Storm