Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 21, 2026, 6:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3851	9.1	緊急 Network	Rapid7	velociraptor	Rapid7のvelociraptorにおける不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2026-6290	2026-04-27 11:19	2026-04-15	Show	GitHub Exploit DB Packet Storm

3852	5.3	警告 Network	fastify	fastify-static	fastifyのfastify-staticにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-6410	2026-04-27 11:19	2026-04-16	Show	GitHub Exploit DB Packet Storm

3853	5.9	警告 Network	fastify	fastify-static	fastifyのfastify-staticにおけるURL エンコーディング（16進エンコーディング）の処理に関する脆弱性	CWE-177 URLエンコーディング（16進エンコーディング）の不適切な処理	CVE-2026-6414	2026-04-27 11:19	2026-04-16	Show	GitHub Exploit DB Packet Storm

3854	5.4	警告 Network	GitLab.org	GitLab	GitLab.orgのGitLabにおけるセッション期限に関する脆弱性	CWE-613 不適切なセッション期限	CVE-2026-6515	2026-04-27 11:19	2026-04-22	Show	GitHub Exploit DB Packet Storm

3855	8.8	重要 Network	CPS-IT	Mailqueue	CPS-ITのMailqueueにおける信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-1323	2026-04-27 11:19	2026-03-17	Show	GitHub Exploit DB Packet Storm

3856	6.5	警告 Network	Linux Foundation	Backstage/plugin-scaffolder-backend	Linux FoundationのBackstage/plugin-scaffolder-backendにおけるログファイルからの情報漏えいに関する脆弱性	CWE-532 ログファイルからの情報漏えい	CVE-2026-29184	2026-04-27 11:19	2026-03-7	Show	GitHub Exploit DB Packet Storm

3857	4.3	警告 Network	Guido Schmechel (ayacoo)	redirect_tab	Guido Schmechel (ayacoo)のredirect_tabにおける複数の脆弱性	CWE-200 CWE-862 CWE-862	CVE-2026-4202	2026-04-27 11:19	2026-03-17	Show	GitHub Exploit DB Packet Storm

3858	8.8	重要 Network	Ralf Freit (MrSilaz)	mfa_mail	Ralf Freit (MrSilaz)のmfa_mailにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-4208	2026-04-27 11:19	2026-03-17	Show	GitHub Exploit DB Packet Storm

3859	8.1	重要 Network	HashiCorp	Vault	HashiCorpのVaultにおける代替パスまたはチャネルを使用した認証回避に関する脆弱性	CWE-288 代替パスまたはチャネルを使用した認証回避	CVE-2026-3605	2026-04-27 11:19	2026-04-17	Show	GitHub Exploit DB Packet Storm

3860	9.4	緊急 Network	dgraph	dgraph	dgraphにおける複数の脆弱性	CWE-200 CWE-215 CWE-522	CVE-2026-40173	2026-04-27 11:19	2026-04-15	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 22, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1051	6.3	MEDIUM Network	-	-	ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field con… Update	CWE-94 Code Injection	CVE-2025-67031	2026-05-19 01:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

1052	5.5	MEDIUM Adjacent	google	chrome	Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: … Update	CWE-284 Improper Access Control	CVE-2026-8586	2026-05-19 00:28	2026-05-15	Show	GitHub Exploit DB Packet Storm

1053	7.5	HIGH Network	fleetdm	fleet	Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing clien… Update	CWE-290 Authentication Bypass by Spoofing	CVE-2026-46356	2026-05-19 00:27	2026-05-15	Show	GitHub Exploit DB Packet Storm

1054	6.5	MEDIUM Network	webpack.js	webpack-dev-server	webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix r… Update	CWE-749 Exposed Dangerous Method or Function	CVE-2026-6402	2026-05-19 00:23	2026-05-12	Show	GitHub Exploit DB Packet Storm

1055	5.3	MEDIUM Network	-	-	### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not ha… Update	CWE-476 NULL Pointer Dereference	CVE-2026-8723	2026-05-19 00:16	2026-05-17	Show	GitHub Exploit DB Packet Storm

1056	7.8	HIGH Local	amd	radeon_software cleanup_utility	A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. Update	CWE-427 Uncontrolled Search Path Element	CVE-2024-36333	2026-05-19 00:15	2026-05-15	Show	GitHub Exploit DB Packet Storm

1057	8.8	HIGH Network	postgresql	postgresql	Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if… Update	CWE-89 CWE-121 SQL Injection Stack-based Buffer Overflow	CVE-2026-6637	2026-05-19 00:05	2026-05-14	Show	GitHub Exploit DB Packet Storm

1058	4.3	MEDIUM Network	postgresql	postgresql	Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintain… Update	CWE-126 Buffer Over-read	CVE-2026-6575	2026-05-19 00:04	2026-05-14	Show	GitHub Exploit DB Packet Storm

1059	7.5	HIGH Network	postgresql	postgresql	Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disable… Update	CWE-674 Uncontrolled Recursion	CVE-2026-6479	2026-05-19 00:04	2026-05-14	Show	GitHub Exploit DB Packet Storm

1060	6.5	MEDIUM Network	postgresql	postgresql	Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 … Update	CWE-385 Covert Timing Channel	CVE-2026-6478	2026-05-19 00:03	2026-05-14	Show	GitHub Exploit DB Packet Storm