Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 16, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2971 8.1 重要
Network 		HashiCorp Vault HashiCorpのVaultにおける代替パスまたはチャネルを使用した認証回避に関する脆弱性 CWE-288
代替パスまたはチャネルを使用した認証回避 		CVE-2026-3605 2026-04-27 11:19 2026-04-17 Show GitHub Exploit DB Packet Storm
2972 9.4 緊急
Network 		dgraph dgraph dgraphにおける複数の脆弱性 CWE-200
CWE-215
CWE-522
CVE-2026-40173 2026-04-27 11:19 2026-04-15 Show GitHub Exploit DB Packet Storm
2973 7.8 重要
Local 		Composer Composer Composerにおける複数の脆弱性 CWE-20
CWE-78
CWE-78
CVE-2026-40176 2026-04-27 11:19 2026-04-15 Show GitHub Exploit DB Packet Storm
2974 6.1 警告
Network 		Apostrophe Technologies sanitize-html
ApostropheCMS 		Apostrophe TechnologiesのApostropheCMS等の複数製品におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-40186 2026-04-27 11:18 2026-04-15 Show GitHub Exploit DB Packet Storm
2975 8.8 重要
Network 		Composer Composer Composerにおける複数の脆弱性 CWE-20
CWE-78
CWE-78
CVE-2026-40261 2026-04-27 11:18 2026-04-15 Show GitHub Exploit DB Packet Storm
2976 9.8 緊急
Network 		Phpscriptsmall Advance Gift Shop Pro Script PhpscriptsmallのAdvance Gift Shop Pro ScriptにおけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2019-25680 2026-04-27 11:18 2026-04-5 Show GitHub Exploit DB Packet Storm
2977 9.8 緊急
Network 		WISDOM Pegasus CMS WISDOMのPegasus CMSにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2019-25687 2026-04-27 11:18 2026-04-5 Show GitHub Exploit DB Packet Storm
2978 8.8 重要
Network 		Nextcloud
windmill project		 windmill
Nextcloud Flow 		Nextcloud等の複数ベンダの製品における認証の欠如に関する脆弱性 CWE-862
認証の欠如 		CVE-2026-22683 2026-04-27 11:18 2026-04-7 Show GitHub Exploit DB Packet Storm
2979 7.5 重要
Network 		XiangShan NEMU XiangShanのNEMUにおける複数の脆弱性 CWE-1287
CWE-131
CVE-2026-29645 2026-04-27 11:18 2026-04-20 Show GitHub Exploit DB Packet Storm
2980 9.8 緊急
Network 		XiangShan NEMU XiangShanのNEMUにおける保護メカニズムの不具合に関する脆弱性 CWE-693
保護メカニズムの不具合 		CVE-2026-29649 2026-04-27 11:18 2026-04-20 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 16, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1371 9.1 CRITICAL
Network 		vmware spring_cloud_config Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially cra… CWE-22
Path Traversal 		CVE-2026-40982 2026-05-13 02:30 2026-05-7 Show GitHub Exploit DB Packet Storm
1372 8.1 HIGH
Network 		vmware spring_cloud_config The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use (TOCTOU) attacks. Spring … CWE-367
 Time-of-check Time-of-use (TOCTOU) Race Condition 		CVE-2026-41002 2026-05-13 02:29 2026-05-7 Show GitHub Exploit DB Packet Storm
1373 6.2 MEDIUM
Local 		apple ipados
iphone_os
macos
tvos
visionos
watchos 		A buffer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 2… CWE-121
Stack-based Buffer Overflow 		CVE-2026-28897 2026-05-13 02:27 2026-05-12 Show GitHub Exploit DB Packet Storm
1374 8.8 HIGH
Local 		apple macos A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its sandbox. CWE-532
 Inclusion of Sensitive Information in Log Files 		CVE-2026-28923 2026-05-13 02:24 2026-05-12 Show GitHub Exploit DB Packet Storm
1375 7.5 HIGH
Network 		apple macos A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts with… CWE-362
Race Condition 		CVE-2026-28924 2026-05-13 02:24 2026-05-12 Show GitHub Exploit DB Packet Storm
1376 7.5 HIGH
Network 		apple macos A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to cause unexpected system termin… CWE-120
Classic Buffer Overflow 		CVE-2026-28925 2026-05-13 02:24 2026-05-12 Show GitHub Exploit DB Packet Storm
1377 7.5 HIGH
Network 		apple ipados
iphone_os
macos 		A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Replying to an email could display … CWE-1254
 Incorrect Comparison Logic Granularity 		CVE-2026-28929 2026-05-13 02:24 2026-05-12 Show GitHub Exploit DB Packet Storm
1378 7.8 HIGH
Local 		apple ipados
iphone_os
macos 		An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Ta… CWE-863
 Incorrect Authorization 		CVE-2026-28951 2026-05-13 02:23 2026-05-12 Show GitHub Exploit DB Packet Storm
1379 7.5 HIGH
Network 		apple ipados
iphone_os
macos 		A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A maliciously crafted … CWE-290
 Authentication Bypass by Spoofing 		CVE-2026-28954 2026-05-13 02:21 2026-05-12 Show GitHub Exploit DB Packet Storm
1380 6.5 MEDIUM
Network 		open5gs open5gs A vulnerability was detected in Open5GS up to 2.7.7. This affects the function gsm_build_pdu_session_establishment_accept of the file /src/smf/gsm-build.c of the component SMF. The manipulation resul… CWE-404
 Improper Resource Shutdown or Release 		CVE-2026-8266 2026-05-13 02:20 2026-05-11 Show GitHub Exploit DB Packet Storm