Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 14, 2026, 6:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
3991 9.8 緊急
Network 		Honeywell International Inc. LenelS2 NetBox Honeywell International Inc.のLenelS2 NetBoxにおけるハードコードされたパスワードの使用に関する脆弱性 CWE-259
パスワードがハードコーディングされている 		CVE-2024-2420 2026-02-4 18:42 2024-05-30 Show GitHub Exploit DB Packet Storm
3992 9.8 緊急
Network 		Honeywell International Inc. LenelS2 NetBox Honeywell International Inc.のLenelS2 NetBoxにおけるOS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2024-2421 2026-02-4 18:42 2024-05-30 Show GitHub Exploit DB Packet Storm
3993 8.8 重要
Network 		Honeywell International Inc. LenelS2 NetBox Honeywell International Inc.のLenelS2 NetBoxにおける引数の挿入または変更に関する脆弱性 CWE-88
引数の挿入または変更 		CVE-2024-2422 2026-02-4 18:42 2024-05-30 Show GitHub Exploit DB Packet Storm
3994 6.1 警告
Network 		Tiptap tiptap/extension-link Tiptapのtiptap/extension-linkにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2025-14284 2026-02-4 18:42 2025-12-9 Show GitHub Exploit DB Packet Storm
3995 7.5 重要
Network 		クアルコム SD730 ファームウェア
Snapdragon 820 Automotive Platform ファームウェア
snapdragon 680 4g mobile platform ファームウェア
c-v2x 9150 ファームウェア
QCM4290&n… 		クアルコムの9206 lte modem ファームウェア等の複数製品におけるバッファオーバーリードの脆弱性 CWE-126
バッファオーバーリード 		CVE-2025-21429 2026-02-4 18:42 2025-04-7 Show GitHub Exploit DB Packet Storm
3996 7.8 重要
Local 		クアルコム fastconnect 6900 ファームウェア
qcs5430 ファームウェア
WCD9370 ファームウェア
WCD9380 ファームウェア
Snapdragon 8cx Compute Platform (SC8180X-AB) ファームウェア
Snapdrag… 		クアルコムのfastconnect 6700 ファームウェア等の複数製品における境界外書き込みに関する脆弱性 CWE-787
境界外書き込み 		CVE-2025-21439 2026-02-4 18:42 2025-04-7 Show GitHub Exploit DB Packet Storm
3997 9 緊急
Network 		NVIDIA NVIDIA Isaac Lab NVIDIAのNVIDIA Isaac Labにおける信頼できないデータのデシリアライゼーションに関する脆弱性 CWE-502
信頼性のないデータのデシリアライゼーション 		CVE-2025-33210 2026-02-4 18:42 2025-12-16 Show GitHub Exploit DB Packet Storm
3998 8.4 重要
Local 		NVIDIA NVIDIA Resiliency Extension NVIDIAのNVIDIA Resiliency ExtensionにおけるUNIX Symbolic Link のフォローに関する脆弱性 CWE-61
UNIX Symbolic Link のフォロー 		CVE-2025-33225 2026-02-4 18:42 2025-12-16 Show GitHub Exploit DB Packet Storm
3999 7 重要
Local 		NVIDIA NVIDIA Resiliency Extension NVIDIAのNVIDIA Resiliency Extensionにおける競合状態に関する脆弱性 CWE-362
競合状態 		CVE-2025-33235 2026-02-4 18:42 2025-12-16 Show GitHub Exploit DB Packet Storm
4000 4.3 警告
Network 		ZwiiCMS ZwiiCMS ZwiiCMSにおける複数の脆弱性 CWE-667
CWE-863
CVE-2025-34467 2026-02-4 18:41 2025-12-31 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 15, 2026, 4:28 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
131 6.5 MEDIUM
Network 		microsoft windows_server_2025 Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network. New CWE-476
 NULL Pointer Dereference 		CVE-2026-34350 2026-05-15 02:44 2026-05-13 Show GitHub Exploit DB Packet Storm
132 7.0 HIGH
Local 		microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w… 		Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally. New CWE-362
Race Condition 		CVE-2026-34351 2026-05-15 02:44 2026-05-13 Show GitHub Exploit DB Packet Storm
133 6.1 MEDIUM
Network 		postorius_project postorius Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026. Update CWE-79
Cross-site Scripting 		CVE-2026-44742 2026-05-15 02:42 2026-05-8 Show GitHub Exploit DB Packet Storm
134 8.5 HIGH
Network 		n8n-mcp n8n-mcp n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path (N8NDocumentationMCPServer… Update CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42449 2026-05-15 02:37 2026-05-8 Show GitHub Exploit DB Packet Storm
135 9.8 CRITICAL
Network 		archivebox archivebox ArchiveBox is an open source self-hosted web archiving system. In versions 0.8.6rc0 and prior, the /add/ endpoint (AddView in core/views.py) accepts a config JSON field that gets merged into the craw… Update CWE-88
Argument Injection 		CVE-2026-42601 2026-05-15 02:36 2026-05-10 Show GitHub Exploit DB Packet Storm
136 8.8 HIGH
Network 		azuracast azuracast AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in the Flow.js media upload endpoint (POST /api/station/{station_id}… Update CWE-22
Path Traversal 		CVE-2026-42605 2026-05-15 02:34 2026-05-10 Show GitHub Exploit DB Packet Storm
137 8.8 HIGH
Network 		azuracast azuracast AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware unconditionally trusts the client-supplied X-Forwarded-Host HTTP header with… Update CWE-640
 Weak Password Recovery Mechanism for Forgotten Password 		CVE-2026-42606 2026-05-15 02:31 2026-05-10 Show GitHub Exploit DB Packet Storm
138 5.1 MEDIUM
Adjacent 		- - HCL AION is affected by a vulnerability where certain operations may trigger out-of-band interactions, potentially resulting in unintended disclosure of sensitive information. Such behaviour may allo… New CWE-201
 Insertion of Sensitive Information Into Sent Data 		CVE-2025-62305 2026-05-15 02:22 2026-05-15 Show GitHub Exploit DB Packet Storm
139 5.1 MEDIUM
Adjacent 		- - HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details,… New CWE-201
 Insertion of Sensitive Information Into Sent Data 		CVE-2025-62308 2026-05-15 02:22 2026-05-15 Show GitHub Exploit DB Packet Storm
140 2.6 LOW
Adjacent 		- - HCL AION is affected by a vulnerability where auto-complete functionality is enabled for certain input fields. This may allow sensitive information to be stored in the browser, potentially leading to… New CWE-201
 Insertion of Sensitive Information Into Sent Data 		CVE-2025-62309 2026-05-15 02:22 2026-05-15 Show GitHub Exploit DB Packet Storm