Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 14, 2026, 6:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
3831 9.8 緊急
Network 		opensagres XDocReport opensagresのXDocReportにおけるXML 外部エンティティの脆弱性 CWE-611
XML 外部エンティティ参照の不適切な制限 		CVE-2025-65482 2026-02-5 15:50 2026-01-20 Show GitHub Exploit DB Packet Storm
3832 5.3 警告
Network 		pymdown extensions project pymdown extensions facelessuserのPyMdown Extensionsにおける非効率的な正規表現の複雑さに関する脆弱性 CWE-1333
非効率的な正規表現の複雑さ 		CVE-2025-68142 2026-02-5 15:50 2025-12-16 Show GitHub Exploit DB Packet Storm
3833 9.8 緊急
Network 		code-projects Computer Book Store carmelo (Carmelo Garcia)のComputer Book Storeにおける危険なタイプのファイルの無制限アップロードに関する脆弱性 CWE-434
危険なタイプのファイルの無制限アップロード 		CVE-2025-69559 2026-02-5 15:50 2026-01-27 Show GitHub Exploit DB Packet Storm
3834 6.5 警告
Network 		TMS Global Software TMS Management Console TMS Global SoftwareのTMS Management Consoleにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2025-69612 2026-02-5 15:50 2026-01-22 Show GitHub Exploit DB Packet Storm
3835 6.5 警告
Network 		Keichi Takahashi binary-parser Keichi TakahashiのBinary-parserにおけるコードインジェクションの脆弱性 CWE-94
コード・インジェクション 		CVE-2026-1245 2026-02-5 15:50 2026-01-20 Show GitHub Exploit DB Packet Storm
3836 9.8 緊急
Network 		csa-iot matter GoogleのMatterにおける境界外書き込みに関する脆弱性 CWE-787
境界外書き込み 		CVE-2026-20418 2026-02-5 15:50 2026-02-2 Show GitHub Exploit DB Packet Storm
3837 9.8 緊急
Network 		tarkov.dev Tarkov Data Manager tarkov.devのTarkov Data Managerにおける複数の脆弱性 CWE-1321
CWE-287
CWE-843
CVE-2026-21854 2026-02-5 15:49 2026-01-7 Show GitHub Exploit DB Packet Storm
3838 6.1 警告
Network 		tarkov.dev Tarkov Data Manager tarkov.devのTarkov Data Managerにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-21855 2026-02-5 15:49 2026-01-7 Show GitHub Exploit DB Packet Storm
3839 8.8 重要
Network 		tarkov.dev Tarkov Data Manager tarkov.devのTarkov Data ManagerにおけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2026-21856 2026-02-5 15:49 2026-01-7 Show GitHub Exploit DB Packet Storm
3840 5.3 警告
Network 		ajax file browser File Browserにおける複数の脆弱性 CWE-203
CWE-208
CVE-2026-23849 2026-02-5 15:49 2026-01-19 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 14, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
501 5.3 MEDIUM
Network 		- - Attacker can upload a malicious Sieve script over ManageSieve service (or locally) to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to deg… New CWE-400
 Uncontrolled Resource Consumption 		CVE-2026-40016 2026-05-13 00:08 2026-05-12 Show GitHub Exploit DB Packet Storm
502 3.1 LOW
Network 		- - Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imap_acl_allow_anyone=no. This causes folders to be spammed to all users. The impact is lim… New CWE-284
Improper Access Control 		CVE-2026-40020 2026-05-13 00:08 2026-05-12 Show GitHub Exploit DB Packet Storm
503 4.3 MEDIUM
Network 		- - An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left op… New CWE-400
 Uncontrolled Resource Consumption 		CVE-2026-42006 2026-05-13 00:08 2026-05-12 Show GitHub Exploit DB Packet Storm
504 8.1 HIGH
Network 		- - HireFlow v1.2 does not implement CSRF token validation on any state-changing POST endpoint. All forms (password change at /profile, candidate deletion at /candidates/delete/<id>, feedback submission … New CWE-352
 Origin Validation Error 		CVE-2026-38566 2026-05-13 00:06 2026-05-12 Show GitHub Exploit DB Packet Storm
505 9.8 CRITICAL
Network 		- - HireFlow v1.2 is vulnerable to SQL injection in the /login and /search endpoints. User-supplied input is concatenated directly into SQL queries without parameterization. An unauthenticated attacker c… New CWE-89
SQL Injection 		CVE-2026-38567 2026-05-13 00:06 2026-05-12 Show GitHub Exploit DB Packet Storm
506 6.1 MEDIUM
Network 		- - A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in… New CWE-79
Cross-site Scripting 		CVE-2025-61305 2026-05-13 00:05 2026-05-12 Show GitHub Exploit DB Packet Storm
507 6.1 MEDIUM
Network 		- - A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascr… New CWE-79
Cross-site Scripting 		CVE-2025-61306 2026-05-13 00:05 2026-05-12 Show GitHub Exploit DB Packet Storm
508 6.1 MEDIUM
Network 		- - A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in t… New CWE-79
Cross-site Scripting 		CVE-2025-61307 2026-05-13 00:05 2026-05-12 Show GitHub Exploit DB Packet Storm
509 6.1 MEDIUM
Network 		- - A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript… New CWE-79
Cross-site Scripting 		CVE-2025-61308 2026-05-13 00:05 2026-05-12 Show GitHub Exploit DB Packet Storm
510 6.1 MEDIUM
Network 		- - A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_departments.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript… New CWE-79
Cross-site Scripting 		CVE-2025-61309 2026-05-13 00:05 2026-05-12 Show GitHub Exploit DB Packet Storm