Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 15, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
4051 9.8 緊急
Network 		angeljudesuarez School Management System Project In PHP Source Code Angel Jude Reyes SuarezのSchool Management System Project In PHP Source Codeにおける複数の脆弱性 CWE-74
CWE-89
CVE-2026-1590 2026-02-4 18:39 2026-01-29 Show GitHub Exploit DB Packet Storm
4052 7.9 重要
Network 		Atlassian Crowd AtlassianのCrowdにおけるXML 外部エンティティの脆弱性 CWE-611
XML 外部エンティティ参照の不適切な制限 		CVE-2026-21569 2026-02-4 18:39 2026-01-28 Show GitHub Exploit DB Packet Storm
4053 6.5 警告
Network 		Chainlit Chainlit Chainlitにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2026-22218 2026-02-4 18:39 2026-01-20 Show GitHub Exploit DB Packet Storm
4054 7.7 重要
Network 		Chainlit Chainlit Chainlitにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2026-22219 2026-02-4 18:39 2026-01-20 Show GitHub Exploit DB Packet Storm
4055 6.1 警告
Local 		OpenSSL Project OpenSSL OpenSSL ProjectのOpenSSLにおける複数の脆弱性 CWE-476
CWE-787
CVE-2025-11187 2026-02-4 18:39 2026-01-27 Show GitHub Exploit DB Packet Storm
4056 9.8 緊急
Network 		OpenSSL Project OpenSSL OpenSSL ProjectのOpenSSLにおける境界外書き込みに関する脆弱性 CWE-787
境界外書き込み 		CVE-2025-15467 2026-02-4 18:39 2026-01-27 Show GitHub Exploit DB Packet Storm
4057 5.9 警告
Network 		OpenSSL Project OpenSSL OpenSSL ProjectのOpenSSLにおけるNULL ポインタデリファレンスに関する脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2025-15468 2026-02-4 18:39 2026-01-27 Show GitHub Exploit DB Packet Storm
4058 5.5 警告
Local 		OpenSSL Project OpenSSL OpenSSL ProjectのOpenSSLにおけるデジタル署名の検証に関する脆弱性 CWE-347
デジタル署名の不適切な検証 		CVE-2025-15469 2026-02-4 18:39 2026-01-27 Show GitHub Exploit DB Packet Storm
4059 5.9 警告
Network 		OpenSSL Project OpenSSL OpenSSL ProjectのOpenSSLにおける過剰なサイズ値のメモリ割り当てに関する脆弱性 CWE-789
過剰なサイズ値のメモリ割り当て 		CVE-2025-66199 2026-02-4 18:39 2026-01-27 Show GitHub Exploit DB Packet Storm
4060 4.7 警告
Local 		OpenSSL Project OpenSSL OpenSSL ProjectのOpenSSLにおける境界外書き込みに関する脆弱性 CWE-787
境界外書き込み 		CVE-2025-68160 2026-02-4 18:39 2026-01-27 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 15, 2026, 4:28 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
31 8.6 HIGH
Network 		vercel next.js Next.js is a React framework for building full-stack web applications. From 13.4.13 to before 15.5.16 and 16.2.5, self-hosted applications using the built-in Node.js server can be vulnerable to serve… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-44578 2026-05-15 03:34 2026-05-14 Show GitHub Exploit DB Packet Storm
32 7.5 HIGH
Network 		argoproj argo_workflows Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions 3.7.14 and 4.0.5, the Webhook Interceptor loads the entire request b… Update CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2026-42294 2026-05-15 03:34 2026-05-9 Show GitHub Exploit DB Packet Storm
33 7.5 HIGH
Network 		vercel next.js Next.js is a React framework for building full-stack web applications. From to before 15.5.16 and 16.2.5, applications using Partial Prerendering through the Cache Components feature can be vulnerab… New CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2026-44579 2026-05-15 03:34 2026-05-14 Show GitHub Exploit DB Packet Storm
34 6.1 MEDIUM
Network 		vercel next.js Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be… New CWE-79
Cross-site Scripting 		CVE-2026-44580 2026-05-15 03:33 2026-05-14 Show GitHub Exploit DB Packet Storm
35 7.5 HIGH
Network 		- - Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second factor flow, leading to impersonation. New CWE-253
 Incorrect Check of Function Return Value 		CVE-2026-46419 2026-05-15 03:31 2026-05-14 Show GitHub Exploit DB Packet Storm
36 - - - Nextcloud News is an RSS/Atom feed reader. Prior to 28.3.0-beta.1, Nextcloud News allows authenticated users to add feeds by providing a feed URL (via the web interface or the API). In affected versi… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-44515 2026-05-15 03:31 2026-05-15 Show GitHub Exploit DB Packet Storm
37 6.5 MEDIUM
Network 		- - Kubetail is a real-time logging dashboard for Kubernetes. Prior to 0.14.0, Kubetail's dashboard exposes WebSocket endpoints that did not adequately validate the Origin header on connection upgrade. A… New CWE-1385
 Missing Origin Validation in WebSockets 		CVE-2026-44514 2026-05-15 03:31 2026-05-15 Show GitHub Exploit DB Packet Storm
38 8.6 HIGH
Network 		- - Incorrect privileges management and insufficient path filtering allow to read arbitrary file on the server via the cpdavd attachment download endpoints. New CWE-250
 Execution with Unnecessary Privileges 		CVE-2026-29205 2026-05-15 03:30 2026-05-14 Show GitHub Exploit DB Packet Storm
39 8.2 HIGH
Network 		- - SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials. New CWE-295
Improper Certificate Validation  		CVE-2026-32992 2026-05-15 03:30 2026-05-14 Show GitHub Exploit DB Packet Storm
40 4.3 MEDIUM
Network 		- - In OpenStack Ironic through 35.x before a3f6d73, during image handling, an infinite loop in checksum calculations can occur via the file:///dev/zero URL. New CWE-696
 Incorrect Behavior Order 		CVE-2026-44919 2026-05-15 03:30 2026-05-14 Show GitHub Exploit DB Packet Storm