Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 14, 2026, 6:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2841	7.8	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	Windows カーネルの特権の昇格の脆弱性	CWE-415 二重解放	CVE-2026-26163	2026-04-27 10:51	2026-04-14	Show	GitHub Exploit DB Packet Storm

2842	7	重要 Local	マイクロソフト	Microsoft Windows 11 23h2 Microsoft Windows 11 26h1 Microsoft Windows Server 2025 Microsoft Windows 11 24h2 Microsoft Wind…	Windows シェルの特権の昇格の脆弱性	CWE-416 解放済みメモリの使用	CVE-2026-26165	2026-04-27 10:51	2026-04-14	Show	GitHub Exploit DB Packet Storm

2843	7	重要 Local	マイクロソフト	Microsoft Windows 11 23h2 Microsoft Windows 11 26h1 Microsoft Windows Server 2025 Microsoft Windows 11 24h2 Microsoft Wind…	Windows シェルの特権の昇格の脆弱性	CWE-415 二重解放	CVE-2026-26166	2026-04-27 10:51	2026-04-14	Show	GitHub Exploit DB Packet Storm

2844	7.8	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	Windows プッシュ通知の特権昇格の脆弱性	CWE-362 CWE-416	CVE-2026-26167	2026-04-27 10:51	2026-04-14	Show	GitHub Exploit DB Packet Storm

2845	7.8	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	WinSock 用 Windows Ancillary Function Driver の特権の昇格の脆弱性	CWE-362 CWE-416	CVE-2026-26168	2026-04-27 10:51	2026-04-14	Show	GitHub Exploit DB Packet Storm

2846	6.1	警告 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	Windows カーネルメモリの情報漏えいの脆弱性	CWE-126 バッファオーバーリード	CVE-2026-26169	2026-04-27 10:51	2026-04-14	Show	GitHub Exploit DB Packet Storm

2847	7.8	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	PowerShell の特権の昇格の脆弱性	CWE-20 不適切な入力確認	CVE-2026-26170	2026-04-27 10:51	2026-04-14	Show	GitHub Exploit DB Packet Storm

2848	7.8	重要 Local	マイクロソフト	Microsoft Windows 11 23h2 Microsoft Windows 11 26h1 Microsoft Windows 10 22h2 Microsoft Windows 10 21h2 Microsoft Windows&…	Windows プッシュ通知の特権昇格の脆弱性	CWE-362 CWE-416	CVE-2026-26172	2026-04-27 10:51	2026-04-14	Show	GitHub Exploit DB Packet Storm

2849	7	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	WinSock 用 Windows Ancillary Function Driver の特権の昇格の脆弱性	CWE-362 CWE-416 CWE-476	CVE-2026-26173	2026-04-27 10:51	2026-04-14	Show	GitHub Exploit DB Packet Storm

2850	8.2	重要 Network	FirebirdSQL	Firebird	FirebirdSQLのFirebirdにおける複数の脆弱性	CWE-119 CWE-787	CVE-2026-27890	2026-04-27 10:51	2026-04-17	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 14, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1211	7.5	HIGH Network	-	-	Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malici… Update	CWE-770 CWE-789 Allocation of Resources Without Limits or Throttling Memory Allocation with Excessive Size Value	CVE-2026-42189	2026-05-12 01:17	2026-05-9	Show	GitHub Exploit DB Packet Storm

1212	7.5	HIGH Network	-	-	LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in {% layout %} / {% block %} causes an infinite recursive loo… Update	CWE-674 Uncontrolled Recursion	CVE-2026-41311	2026-05-12 01:17	2026-05-9	Show	GitHub Exploit DB Packet Storm

1213	-		-	-	Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /product/. Exploitat… New	CWE-79 Cross-site Scripting	CVE-2026-3320	2026-05-12 01:17	2026-05-12	Show	GitHub Exploit DB Packet Storm

1214	-		-	-	Reflected Cross-Site Scripting (XSS) in the latest demo version of the Cradle eCommerce platform. User-controlled input is insecurely reflected in the HTML output in the endpoint /collection/. Exploi… New	CWE-79 Cross-site Scripting	CVE-2026-3319	2026-05-12 01:17	2026-05-12	Show	GitHub Exploit DB Packet Storm

1215	-		-	-	Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML files without disabling entity resolution. An attacker can craf… New	-	CVE-2026-31247	2026-05-12 01:17	2026-05-12	Show	GitHub Exploit DB Packet Storm

1216	-		-	-	GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 (2025-09-03) contains a command injection vulnerability (CWE-78) in the Executor.run() method. During project execution, when the system… New	-	CVE-2026-31246	2026-05-12 01:17	2026-05-12	Show	GitHub Exploit DB Packet Storm

1217	6.4	MEDIUM Adjacent	-	-	Due to not validating the organization context when executing adaptive authentication flows, the WSO2 Identity Server allows adaptive authentication logic to be triggered on unintended organizations.… New	CWE-284 CWE-863 Improper Access Control Incorrect Authorization	CVE-2025-9973	2026-05-12 01:17	2026-05-11	Show	GitHub Exploit DB Packet Storm

1218	-		-	-	Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2026-21709. Reason: This record is a duplicate of CVE-2026-21709. Notes: All CVE users should reference CVE-2026-21709 instead of this rec… New	-	CVE-2025-63750	2026-05-12 01:17	2026-05-12	Show	GitHub Exploit DB Packet Storm

1219	8.1	HIGH Network	weblate	weblate	Weblate is a web based localization tool. Prior to version 5.17.1, an authenticated user with project.add permission (default on hosted Weblate SaaS and for any user holding an active billing/trial p… Update	CWE-20 CWE-918 Improper Input Validation Server-Side Request Forgery (SSRF)	CVE-2026-41654	2026-05-12 00:30	2026-05-8	Show	GitHub Exploit DB Packet Storm

1220	6.5	MEDIUM Network	mongodb	mongodb	An authenticated user can crash mongod when running $rankFusion or $scoreFusion with an empty pipeline on a view. When resolving a view, the server inspects the aggregation pipeline to determine whe… Update	CWE-476 NULL Pointer Dereference	CVE-2026-8063	2026-05-12 00:26	2026-05-7	Show	GitHub Exploit DB Packet Storm