Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 24, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
4031 5.4 警告
Network 		GitLab.org GitLab GitLab.orgのGitLabにおけるセッション期限に関する脆弱性 CWE-613
不適切なセッション期限 		CVE-2026-6515 2026-04-27 11:19 2026-04-22 Show GitHub Exploit DB Packet Storm
4032 8.8 重要
Network 		CPS-IT Mailqueue CPS-ITのMailqueueにおける信頼できないデータのデシリアライゼーションに関する脆弱性 CWE-502
信頼性のないデータのデシリアライゼーション 		CVE-2026-1323 2026-04-27 11:19 2026-03-17 Show GitHub Exploit DB Packet Storm
4033 6.5 警告
Network 		Linux Foundation Backstage/plugin-scaffolder-backend Linux FoundationのBackstage/plugin-scaffolder-backendにおけるログファイルからの情報漏えいに関する脆弱性 CWE-532
ログファイルからの情報漏えい 		CVE-2026-29184 2026-04-27 11:19 2026-03-7 Show GitHub Exploit DB Packet Storm
4034 4.3 警告
Network 		Guido Schmechel (ayacoo) redirect_tab Guido Schmechel (ayacoo)のredirect_tabにおける複数の脆弱性 CWE-200
CWE-862
CWE-862
CVE-2026-4202 2026-04-27 11:19 2026-03-17 Show GitHub Exploit DB Packet Storm
4035 8.8 重要
Network 		Ralf Freit (MrSilaz) mfa_mail Ralf Freit (MrSilaz)のmfa_mailにおけるユーザ制御の鍵による認証回避に関する脆弱性 CWE-639
ユーザ制御の鍵による認証回避 		CVE-2026-4208 2026-04-27 11:19 2026-03-17 Show GitHub Exploit DB Packet Storm
4036 8.1 重要
Network 		HashiCorp Vault HashiCorpのVaultにおける代替パスまたはチャネルを使用した認証回避に関する脆弱性 CWE-288
代替パスまたはチャネルを使用した認証回避 		CVE-2026-3605 2026-04-27 11:19 2026-04-17 Show GitHub Exploit DB Packet Storm
4037 9.4 緊急
Network 		dgraph dgraph dgraphにおける複数の脆弱性 CWE-200
CWE-215
CWE-522
CVE-2026-40173 2026-04-27 11:19 2026-04-15 Show GitHub Exploit DB Packet Storm
4038 7.8 重要
Local 		Composer Composer Composerにおける複数の脆弱性 CWE-20
CWE-78
CWE-78
CVE-2026-40176 2026-04-27 11:19 2026-04-15 Show GitHub Exploit DB Packet Storm
4039 6.1 警告
Network 		Apostrophe Technologies sanitize-html
ApostropheCMS 		Apostrophe TechnologiesのApostropheCMS等の複数製品におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-40186 2026-04-27 11:18 2026-04-15 Show GitHub Exploit DB Packet Storm
4040 8.8 重要
Network 		Composer Composer Composerにおける複数の脆弱性 CWE-20
CWE-78
CWE-78
CVE-2026-40261 2026-04-27 11:18 2026-04-15 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 24, 2026, 4:05 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1041 6.5 MEDIUM
Network 		- - Mattermost Plugins versions <=11.5 11.1.5 10.13.11 11.3.4.0 fail to properly check for permissions when processing commands in the Gitlab plugin which allows normal users to uninstall instances or se… CWE-862
 Missing Authorization 		CVE-2026-3117 2026-05-19 02:32 2026-05-18 Show GitHub Exploit DB Packet Storm
1042 6.5 MEDIUM
Network 		- - Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent an invalid URL from loading in a pop-up window in the Mattermost Desktop App which allows a malicious server owner to repeated cra… CWE-939
 Improper Authorization in Handler for Custom URL Scheme 		CVE-2026-3471 2026-05-19 02:32 2026-05-18 Show GitHub Exploit DB Packet Storm
1043 3.1 LOW
Network 		- - Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to check if {{team_id}} was being changed when updating playbooks, allowing users with only {{Manage Playbook Configurations}} permissio… CWE-863
 Incorrect Authorization 		CVE-2026-4286 2026-05-19 02:32 2026-05-18 Show GitHub Exploit DB Packet Storm
1044 3.5 LOW
Network 		- - Mattermost Desktop App versions <=6.1 6.0.1 5.4.13.0 fail to prevent server-rendered content from closing an underlying application view in the Mattermost Desktop App which allows a malicious server … CWE-754
 Improper Check for Unusual or Exceptional Conditions 		CVE-2026-4643 2026-05-19 02:32 2026-05-18 Show GitHub Exploit DB Packet Storm
1045 6.5 MEDIUM
Network 		- - Mattermost versions 11.5.x <= 11.5.1 fail to verify channel membership when processing AI-assisted message rewrites which allows an authenticated attacker to read the content of threads in private ch… CWE-862
 Missing Authorization 		CVE-2026-5163 2026-05-19 02:32 2026-05-18 Show GitHub Exploit DB Packet Storm
1046 4.3 MEDIUM
Network 		- - Mattermost versions 11.5.x <= 11.5.1, 11.4.x <= 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the revea… CWE-346
 Origin Validation Error 		CVE-2026-6339 2026-05-19 02:32 2026-05-18 Show GitHub Exploit DB Packet Storm
1047 4.3 MEDIUM
Network 		- - Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check public/private permissions which allows members without these permissions to access public playbooks via /get… CWE-863
 Incorrect Authorization 		CVE-2026-6343 2026-05-19 02:32 2026-05-18 Show GitHub Exploit DB Packet Storm
1048 6.5 MEDIUM
Network 		- - Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail prevent disclosure of created user password which allows a malicious attacker to impersonate a user via the use of som… CWE-522
 Insufficiently Protected Credentials 		CVE-2026-6345 2026-05-19 02:32 2026-05-18 Show GitHub Exploit DB Packet Storm
1049 6.4 MEDIUM
Network 		- - Savsoft Quiz 5.0 contains a persistent cross-site scripting vulnerability in the user account settings page that allows authenticated attackers to inject malicious HTML and JavaScript code. Attackers… CWE-79
Cross-site Scripting 		CVE-2021-47962 2026-05-19 02:32 2026-05-16 Show GitHub Exploit DB Packet Storm
1050 7.2 HIGH
Network 		- - Anote 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to execute arbitrary code by injecting malicious payloads into markdown files stored within the application. A… CWE-79
Cross-site Scripting 		CVE-2021-47963 2026-05-19 02:32 2026-05-16 Show GitHub Exploit DB Packet Storm