Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 18, 2026, 12:09 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
4141 6.1 警告
Network 		nuxt Nuxt Devtools nuxtのNuxt Devtoolsにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2025-52662 2026-02-6 10:40 2025-11-7 Show GitHub Exploit DB Packet Storm
4142 7.8 重要
Local 		Synology Inc. BeeDrive Synology Inc.のBeeDriveにおける重要な機能に対する認証の欠如に関する脆弱性 CWE-306
重要な機能に対する認証の欠如 解説 		CVE-2025-54158 2026-02-6 10:40 2025-12-4 Show GitHub Exploit DB Packet Storm
4143 7.5 重要
Network 		Synology Inc. BeeDrive Synology Inc.のBeeDriveにおける認証の欠如に関する脆弱性 CWE-862
認証の欠如 		CVE-2025-54159 2026-02-6 10:40 2025-12-4 Show GitHub Exploit DB Packet Storm
4144 7.8 重要
Local 		Synology Inc. BeeDrive Synology Inc.のBeeDriveにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2025-54160 2026-02-6 10:40 2025-12-4 Show GitHub Exploit DB Packet Storm
4145 9.8 緊急
Network 		ThemeMove UniCamp ThemeMoveのWordPress用UniCampにおけるPHP リモートファイルインクルージョンの脆弱性 CWE-98
PHP リモートファイルインクルージョン 		CVE-2025-54701 2026-02-6 10:40 2025-08-14 Show GitHub Exploit DB Packet Storm
4146 5.3 警告
Network 		Codeshare Codeshare Codeshareにおける情報漏えいに関する脆弱性 CWE-200
情報漏えい 		CVE-2025-60925 2026-02-6 10:40 2025-11-4 Show GitHub Exploit DB Packet Storm
4147 6.1 警告
Network 		Zucchetti s.p.a. Infinity Zucchetti
ZMaintenance Infinity 		Zucchetti s.p.a.のZMaintenance Infinity等の複数製品におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2025-61431 2026-02-6 10:40 2025-11-4 Show GitHub Exploit DB Packet Storm
4148 9.1 緊急
Network 		Shopify remix-run/deno
@remix-run/node
@react-router/node 		Shopifyの@react-router/node等の複数製品におけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2025-61686 2026-02-6 10:40 2026-01-10 Show GitHub Exploit DB Packet Storm
4149 9.8 緊急
Network 		EUROLAB srl ELTS 100 Firmware EUROLAB srlのELTS 100 Firmwareにおけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2025-63225 2026-02-6 10:40 2025-11-18 Show GitHub Exploit DB Packet Storm
4150 3.5
Adjacent 		Freebox Freebox One Firmware
Freebox v5 HD Firmware
Freebox v5 Crystal Firmware
Freebox v6 Revolution Firmware
Freebox Mini 4K&nbs… 		FreeboxのFreebox Mini 4K Firmware等の複数製品における重要な情報の平文での送信に関する脆弱性 CWE-319
重要な情報の平文での送信 		CVE-2025-63292 2026-02-6 10:40 2025-11-17 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
381 9.8 CRITICAL
Network 		microsoft windows_server_2012
windows_server_2016
windows_server_2019
windows_server_2022
windows_server_2022_23h2
windows_server_2025 		Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. Update CWE-121
Stack-based Buffer Overflow 		CVE-2026-41089 2026-05-16 00:42 2026-05-13 Show GitHub Exploit DB Packet Storm
382 7.8 HIGH
Local 		microsoft windows_server_2012
windows_server_2016
windows_server_2019
windows_server_2022
windows_server_2022_23h2
windows_server_2025 		Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally. Update CWE-416
 Use After Free 		CVE-2026-41095 2026-05-16 00:40 2026-05-13 Show GitHub Exploit DB Packet Storm
383 9.8 CRITICAL
Network 		microsoft windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022_23h2
windows_server_2025 		Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network. Update CWE-122
Heap-based Buffer Overflow 		CVE-2026-41096 2026-05-16 00:38 2026-05-13 Show GitHub Exploit DB Packet Storm
384 6.7 MEDIUM
Local 		microsoft windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2022_… 		Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. Update CWE-1329
 Reliance on Component That is Not Updateable 		CVE-2026-41097 2026-05-16 00:36 2026-05-13 Show GitHub Exploit DB Packet Storm
385 7.8 HIGH
Local 		microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w… 		Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. Update CWE-416
 Use After Free 		CVE-2026-40382 2026-05-16 00:32 2026-05-13 Show GitHub Exploit DB Packet Storm
386 7.8 HIGH
Local 		microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w… 		Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Update CWE-191
 Integer Underflow (Wrap or Wraparound) 		CVE-2026-40397 2026-05-16 00:28 2026-05-13 Show GitHub Exploit DB Packet Storm
387 7.4 HIGH
Network 		microsoft edge_chromium External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network. Update CWE-73
CWE-610
 External Control of File Name or Path
Externally Controlled Reference to a Resource in Another Sphere 		CVE-2026-41107 2026-05-16 00:28 2026-05-13 Show GitHub Exploit DB Packet Storm
388 7.8 HIGH
Local 		microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w… 		Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. Update CWE-122
Heap-based Buffer Overflow 		CVE-2026-40398 2026-05-16 00:27 2026-05-13 Show GitHub Exploit DB Packet Storm
389 8.8 HIGH
Network 		microsoft visual_studio_code Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature ove… Update CWE-74
Injection 		CVE-2026-41109 2026-05-16 00:27 2026-05-13 Show GitHub Exploit DB Packet Storm
390 7.8 HIGH
Local 		microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2016
windows_server_2019
w… 		Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. Update CWE-121
Stack-based Buffer Overflow 		CVE-2026-40399 2026-05-16 00:26 2026-05-13 Show GitHub Exploit DB Packet Storm