Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 21, 2026, 6:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
4051 8.1 重要
Network 		SysAdmins Media HomeBox SysAdmins MediaのHomeBoxにおける不適切な所有権の割り当てに関する脆弱性 CWE-708
不適切な所有権の割り当て 		CVE-2026-40196 2026-04-27 10:48 2026-04-17 Show GitHub Exploit DB Packet Storm
4052 2.7
Network 		OpenBao OpenBao OpenBaoにおけるセキュリティトークンの割り当ての制限に関する脆弱性 CWE-1259
セキュリティトークンの割り当ての不適切な制限 		CVE-2026-40264 2026-04-27 10:48 2026-04-21 Show GitHub Exploit DB Packet Storm
4053 4.3 警告
Network 		dnnsoftware dotnetnuke dnnsoftwareのdotnetnukeにおける認可に関する脆弱性 CWE-285
不適切な認可 		CVE-2026-40305 2026-04-27 10:48 2026-04-17 Show GitHub Exploit DB Packet Storm
4054 6.5 警告
Network 		dnnsoftware dotnetnuke dnnsoftwareのdotnetnukeにおける不十分なランダム値の使用に関する脆弱性 CWE-330
不十分なランダム値の使用 		CVE-2026-40306 2026-04-27 10:48 2026-04-17 Show GitHub Exploit DB Packet Storm
4055 8 重要
Network 		dnnsoftware dotnetnuke dnnsoftwareのdotnetnukeにおける代替 XSS 構文の不適切な無効化に関する脆弱性 CWE-87
代替 XSS 構文の不適切な無効化 		CVE-2026-40321 2026-04-27 10:48 2026-04-17 Show GitHub Exploit DB Packet Storm
4056 5.3 警告
Network 		The FastAPI Expert python-multipart The FastAPI Expertのpython-multipartにおける複数の脆弱性 CWE-400
CWE-834
CVE-2026-40347 2026-04-27 10:48 2026-04-18 Show GitHub Exploit DB Packet Storm
4057 5.4 警告
Network 		wger wger wger Projectのwgerにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-40353 2026-04-27 10:48 2026-04-17 Show GitHub Exploit DB Packet Storm
4058 7.6 重要
Network 		wger wger wger Projectのwgerにおける複数の脆弱性 CWE-284
CWE-862
CVE-2026-40474 2026-04-27 10:48 2026-04-17 Show GitHub Exploit DB Packet Storm
4059 9 緊急
Network 		Thymeleaf Thymeleaf Thymeleafにおける複数の脆弱性 CWE-1336
CWE-917
CVE-2026-40477 2026-04-27 10:48 2026-04-17 Show GitHub Exploit DB Packet Storm
4060 9 緊急
Network 		Thymeleaf Thymeleaf Thymeleafにおける複数の脆弱性 CWE-1336
CWE-917
CVE-2026-40478 2026-04-27 10:47 2026-04-17 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 21, 2026, 4:10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
881 9.8 CRITICAL
Network 		netty netty Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both… CWE-444
HTTP Request Smuggling 		CVE-2026-42581 2026-05-18 22:14 2026-05-14 Show GitHub Exploit DB Packet Storm
882 9.8 CRITICAL
Network 		espressif arduino-esp32 arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a … CWE-121
Stack-based Buffer Overflow 		CVE-2026-42854 2026-05-18 22:09 2026-05-13 Show GitHub Exploit DB Packet Storm
883 8.8 HIGH
Network 		mongodb mongodb An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issu… CWE-787
 Out-of-bounds Write 		CVE-2026-8053 2026-05-18 22:06 2026-05-13 Show GitHub Exploit DB Packet Storm
884 7.5 HIGH
Network 		thecodingmachine gotenberg Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handle… CWE-362
Race Condition 		CVE-2026-42594 2026-05-18 22:02 2026-05-15 Show GitHub Exploit DB Packet Storm
885 8.2 HIGH
Network 		thecodingmachine gotenberg Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames t… CWE-73
CWE-184
 External Control of File Name or Path
 Incomplete Blacklist 		CVE-2026-40893 2026-05-18 22:02 2026-05-15 Show GitHub Exploit DB Packet Storm
886 8.2 HIGH
Network 		thecodingmachine gotenberg Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/libreoffice/convert) passes uploaded documents directly to LibreOffice without … CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42591 2026-05-18 22:02 2026-05-15 Show GitHub Exploit DB Packet Storm
887 5.9 MEDIUM
Network 		thecodingmachine gotenberg Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers… CWE-73
CWE-918
 External Control of File Name or Path
Server-Side Request Forgery (SSRF)  		CVE-2026-42597 2026-05-18 22:02 2026-05-15 Show GitHub Exploit DB Packet Storm
888 5.3 MEDIUM
Network 		thecodingmachine gotenberg Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only th… CWE-367
CWE-918
 Time-of-check Time-of-use (TOCTOU) Race Condition
Server-Side Request Forgery (SSRF)  		CVE-2026-42592 2026-05-18 22:02 2026-05-15 Show GitHub Exploit DB Packet Storm
889 9.8 CRITICAL
Network 		thecodingmachine gotenberg Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to E… CWE-78
OS Command  		CVE-2026-42589 2026-05-18 22:01 2026-05-15 Show GitHub Exploit DB Packet Storm
890 5.3 MEDIUM
Network 		thecodingmachine gotenberg Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/… CWE-22
CWE-73
Path Traversal
 External Control of File Name or Path 		CVE-2026-42593 2026-05-18 22:01 2026-05-15 Show GitHub Exploit DB Packet Storm