Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 10, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
3401 8.8 重要
Network 		TOTOLINK lr350 ファームウェア TOTOLINKのlr350 ファームウェアにおける複数の脆弱性 CWE-119
CWE-120
CVE-2026-1158 2026-02-2 19:37 2026-01-19 Show GitHub Exploit DB Packet Storm
3402 9.8 緊急
Network 		CRMEB CRMEB CRMEBにおける認証に関する脆弱性 CWE-287
不適切な認証 		CVE-2026-1202 2026-02-2 19:37 2026-01-20 Show GitHub Exploit DB Packet Storm
3403 8.1 重要
Network 		CRMEB CRMEB CRMEBにおける認証に関する脆弱性 CWE-287
不適切な認証 		CVE-2026-1203 2026-02-2 19:37 2026-01-20 Show GitHub Exploit DB Packet Storm
3404 9.8 緊急
Network 		Ivanti endpoint manager mobile Ivantiのendpoint manager mobileにおけるコードインジェクションの脆弱性 CWE-94
コード・インジェクション 		CVE-2026-1281 2026-02-2 19:37 2026-01-29 Show GitHub Exploit DB Packet Storm
3405 9.8 緊急
Network 		Sangfor Technologies OSM Sangfor TechnologiesのOSMにおける複数の脆弱性 CWE-77
CWE-78
CWE-78
CVE-2026-1324 2026-02-2 19:37 2026-01-22 Show GitHub Exploit DB Packet Storm
3406 9.8 緊急
Network 		Sangfor Technologies OSM Sangfor TechnologiesのOSMにおけるパスワード管理機能に関する脆弱性 CWE-640
パスワードを忘れた場合の脆弱なパスワードリカバリの仕組み 		CVE-2026-1325 2026-02-2 19:37 2026-01-22 Show GitHub Exploit DB Packet Storm
3407 8.8 重要
Network 		TOTOLINK nr1800x ファームウェア TOTOLINKのnr1800x ファームウェアにおける複数の脆弱性 CWE-74
CWE-77
CVE-2026-1326 2026-02-2 19:37 2026-01-22 Show GitHub Exploit DB Packet Storm
3408 8.8 重要
Network 		TOTOLINK nr1800x ファームウェア TOTOLINKのnr1800x ファームウェアにおける複数の脆弱性 CWE-74
CWE-77
CVE-2026-1327 2026-02-2 19:37 2026-01-22 Show GitHub Exploit DB Packet Storm
3409 8.8 重要
Network 		TOTOLINK nr1800x ファームウェア TOTOLINKのnr1800x ファームウェアにおける複数の脆弱性 CWE-119
CWE-120
CVE-2026-1328 2026-02-2 19:37 2026-01-22 Show GitHub Exploit DB Packet Storm
3410 4.2 警告
Physics 		Beetel Beetel 777VR1 ファームウェア BeetelのBeetel 777VR1 ファームウェアにおける複数の脆弱性 CWE-200
CWE-284
CVE-2026-1407 2026-02-2 19:37 2026-01-25 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 10, 2026, 4:58 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
371 9.8 CRITICAL
Network 		- - PraisonAI is a multi-agent teams system. Prior to version 4.6.9, the fix for PraisonAI's MCP command handling does not add a command allowlist or argument validation to parse_mcp_command(), allowing … New CWE-77
CWE-78
Command Injection
OS Command  		CVE-2026-41497 2026-05-9 00:53 2026-05-8 Show GitHub Exploit DB Packet Storm
372 - - - PraisonAI is a multi-agent teams system. Prior to version 1.6.32, the URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. This issue has b… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-44335 2026-05-9 00:53 2026-05-8 Show GitHub Exploit DB Packet Storm
373 6.3 MEDIUM
Network 		- - PraisonAI is a multi-agent teams system. From version 2.4.1 to before version 4.6.34, PraisonAI exposes optional SQL/CQL-backed knowledge-store implementations that build table and index identifiers … New CWE-20
CWE-89
 Improper Input Validation 
SQL Injection 		CVE-2026-44337 2026-05-9 00:53 2026-05-8 Show GitHub Exploit DB Packet Storm
374 7.3 HIGH
Network 		- - PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any … New CWE-306
CWE-668
CWE-1188
Missing Authentication for Critical Function
 Exposure of Resource to Wrong Sphere
 Insecure Default Initialization of Resource 		CVE-2026-44338 2026-05-9 00:53 2026-05-8 Show GitHub Exploit DB Packet Storm
375 8.4 HIGH
Local 		- - PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAI_ALLOW_LOCAL_TOOLS=true in two files (tool_reso… New CWE-94
Code Injection 		CVE-2026-44334 2026-05-9 00:53 2026-05-8 Show GitHub Exploit DB Packet Storm
376 - - - PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default — praisonai.rules… New CWE-20
CWE-22
CWE-94
CWE-829
CWE-913
 Improper Input Validation 
Path Traversal
Code Injection
 Inclusion of Functionality from Untrusted Control Sphere
 Improper Control of Dynamically-Managed Code Resources 		CVE-2026-44336 2026-05-9 00:53 2026-05-8 Show GitHub Exploit DB Packet Storm
377 8.6 HIGH
Network 		- - PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and __main__ after… New CWE-470
Unsafe Reflection 		CVE-2026-44339 2026-05-9 00:53 2026-05-8 Show GitHub Exploit DB Packet Storm
378 - - - PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member… New CWE-22
CWE-59
Path Traversal
Link Following 		CVE-2026-44340 2026-05-9 00:53 2026-05-8 Show GitHub Exploit DB Packet Storm
379 - - - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templ… New CWE-1336
 Improper Neutralization of Special Elements Used in a Template Engine 		CVE-2026-42203 2026-05-9 00:52 2026-05-8 Show GitHub Exploit DB Packet Storm
380 - - - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST… New CWE-77
CWE-78
Command Injection
OS Command  		CVE-2026-42271 2026-05-9 00:52 2026-05-8 Show GitHub Exploit DB Packet Storm