Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 12, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3411	7.5	重要 Network	メディアテック	NR15	メディアテックのNR15における複数の脆弱性	CWE-617 CWE-754	CVE-2026-20401	2026-02-6 10:37	2026-02-2	Show	GitHub Exploit DB Packet Storm

3412	7.5	重要 Network	メディアテック	NR15	メディアテックのNR15における境界外書き込みに関する脆弱性	CWE-787 CWE-noinfo	CVE-2026-20402	2026-02-6 10:37	2026-02-2	Show	GitHub Exploit DB Packet Storm

3413	7.5	重要 Network	メディアテック	nr16 NR17R NR15 nr17	メディアテックのNR15等の複数製品における境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2026-20403	2026-02-6 10:37	2026-02-2	Show	GitHub Exploit DB Packet Storm

3414	7.5	重要 Network	メディアテック	nr16 NR17R NR15 nr17	メディアテックのNR15等の複数製品における境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2026-20404	2026-02-6 10:37	2026-02-2	Show	GitHub Exploit DB Packet Storm

3415	7.5	重要 Network	メディアテック	nr16 NR17R NR15 nr17	メディアテックのNR15等の複数製品における到達可能なアサーションに関する脆弱性	CWE-617 到達可能なアサーション	CVE-2026-20405	2026-02-6 10:37	2026-02-2	Show	GitHub Exploit DB Packet Storm

3416	7.5	重要 Network	メディアテック	nr16 NR17R NR15 nr17	メディアテックのNR15等の複数製品における複数の脆弱性	CWE-754 CWE-770	CVE-2026-20406	2026-02-6 10:37	2026-02-2	Show	GitHub Exploit DB Packet Storm

3417	9.3	緊急 Local	メディアテック	nbiot sdk	メディアテックのnbiot sdkにおける境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2026-20407	2026-02-6 10:37	2026-02-2	Show	GitHub Exploit DB Packet Storm

3418	8.8	重要 Adjacent	OpenWrt Project メディアテック	openwrt Software Development Kit	メディアテック等の複数ベンダの製品における複数の脆弱性	CWE-122 CWE-787	CVE-2026-20408	2026-02-6 10:37	2026-02-2	Show	GitHub Exploit DB Packet Storm

3419	7.8	重要 Local	Google	Android	GoogleのAndroidにおける境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2026-20409	2026-02-6 10:37	2026-02-2	Show	GitHub Exploit DB Packet Storm

3420	6.7	警告 Local	Google	Android	GoogleのAndroidにおける境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2026-20410	2026-02-6 10:37	2026-02-2	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 12, 2026, 5:06 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
621	6.7	MEDIUM Network	-	-	Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.67.0, Scoold allows the admins configuration value to be modified through /api/config/set/admins with a forged Bearer to…	CWE-306 Missing Authentication for Critical Function	CVE-2026-42176	2026-05-9 05:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

622	-		-	-	Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization …	CWE-602 CWE-863 Client-Side Enforcement of Server-Side Security Incorrect Authorization	CVE-2026-42160	2026-05-9 05:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

623	5.3	MEDIUM Network	-	-	n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming request…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-41495	2026-05-9 05:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

624	8.8	HIGH Network	-	-	A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege es…	CWE-61 UNIX Symbolic Link (Symlink) Following	CVE-2026-29203	2026-05-9 05:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

625	4.3	MEDIUM Network	-	-	Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.	CWE-20 Improper Input Validation	CVE-2026-29201	2026-05-9 05:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

626	5.5	MEDIUM Local	osgeo	gdal	A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This…	CWE-119 CWE-125 Incorrect Access of Indexable Resource ('Range Error') Out-of-bounds Read	CVE-2026-8084	2026-05-9 05:11	2026-05-8	Show	GitHub Exploit DB Packet Storm

627	5.5	MEDIUM Local	osgeo	gdal	A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bo…	CWE-119 CWE-125 Incorrect Access of Indexable Resource ('Range Error') Out-of-bounds Read	CVE-2026-8088	2026-05-9 05:11	2026-05-8	Show	GitHub Exploit DB Packet Storm

628	6.5	MEDIUM Network	traccar	traccar	Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to C…	CWE-1236 Improper Neutralization of Formula Elements in a CSV File	CVE-2026-27644	2026-05-9 05:04	2026-05-5	Show	GitHub Exploit DB Packet Storm

629	5.4	MEDIUM Network	traccar	traccar	Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the KML and GPX export functionality writes device names to XML output without proper …	CWE-91 Blind XPath Injection	CVE-2026-27693	2026-05-9 05:04	2026-05-5	Show	GitHub Exploit DB Packet Storm

630	5.4	MEDIUM Network	traccar	traccar	Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver n…	CWE-79 Cross-site Scripting	CVE-2026-27694	2026-05-9 05:03	2026-05-5	Show	GitHub Exploit DB Packet Storm