Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 18, 2026, 12:09 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
4151	6.5	警告 Network	workdo	HRM SaaS	WorkDoのHRM SaaSにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2025-63294	2026-02-6 10:40	2025-11-4	Show	GitHub Exploit DB Packet Storm

4152	7.5	重要 Network	kiloview	E3 Firmware	Kiloview Electronics Co., Ltd.のE3 Firmwareにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2025-63560	2026-02-6 10:40	2025-11-6	Show	GitHub Exploit DB Packet Storm

4153	6.5	警告 Network	GuoMinJim	PersonManage	GuoMinJimのPersonManageにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2025-63686	2026-02-6 10:40	2025-11-7	Show	GitHub Exploit DB Packet Storm

4154	5.4	警告 Network	Magento, Inc.	E-Commerce	Bhabishya-123のE-commerceにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-63883	2026-02-6 10:40	2025-11-18	Show	GitHub Exploit DB Packet Storm

4155	5.3	警告 Network	Salesforce.com, inc.	MuleSoft Anypoint Extension Pack	Salesforce.com, inc.のMuleSoft Anypoint Extension Packにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2025-64318	2026-02-6 10:40	2025-11-4	Show	GitHub Exploit DB Packet Storm

4156	5.3	警告 Network	Salesforce.com, inc.	MuleSoft Anypoint Extension Pack	Salesforce.com, inc.のMuleSoft Anypoint Extension Packにおける重要なリソースに対する不適切なパーミッションの割り当てに関する脆弱性	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2025-64319	2026-02-6 10:40	2025-11-4	Show	GitHub Exploit DB Packet Storm

4157	6.5	警告 Network	Salesforce.com, inc.	Agentforce Vibes	Salesforce.com, inc.のAgentforce Vibesにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2025-64320	2026-02-6 10:40	2025-11-4	Show	GitHub Exploit DB Packet Storm

4158	5.3	警告 Network	Salesforce.com, inc.	Agentforce Vibes	Salesforce.com, inc.のAgentforce Vibesにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2025-64321	2026-02-6 10:40	2025-11-4	Show	GitHub Exploit DB Packet Storm

4159	5.3	警告 Network	Salesforce.com, inc.	Agentforce Vibes	Salesforce.com, inc.のAgentforce Vibesにおける重要なリソースに対する不適切なパーミッションの割り当てに関する脆弱性	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2025-64322	2026-02-6 10:40	2025-11-4	Show	GitHub Exploit DB Packet Storm

4160	5.6	警告 Local	Synology Inc.	BeeDrive	Synology Inc.のBeeDriveにおける同一生成元ポリシー違反に関する脆弱性	CWE-346 同一生成元ポリシー違反	CVE-2025-8074	2026-02-6 10:40	2025-12-4	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
341	9.1	CRITICAL Network	opnsense	opnsense	OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.7, the XMLRPC method opnsense.restore_config_section fails to sanitize user supplied input leading to Remote Code Execution. T… Update	CWE-88 Argument Injection	CVE-2026-44193	2026-05-16 02:30	2026-05-14	Show	GitHub Exploit DB Packet Storm

342	4.7	MEDIUM Network	lfprojects	mcp_registry	The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.6, the client-side and server-side GitHub OIDC flow is bound only to a global audienc… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-44428	2026-05-16 02:23	2026-05-15	Show	GitHub Exploit DB Packet Storm

343	9.1	CRITICAL Network	opnsense	opnsense	OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core allows a user with user-management privileg… Update	CWE-78 OS Command	CVE-2026-44194	2026-05-16 02:19	2026-05-14	Show	GitHub Exploit DB Packet Storm

344	7.5	HIGH Network	-	-	After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the se… Update	CWE-416 Use After Free	CVE-2026-8336	2026-05-16 02:16	2026-05-13	Show	GitHub Exploit DB Packet Storm

345	7.4	HIGH Network	-	-	Microsoft APM is an open-source, community-driven dependency manager for AI agents. From 0.5.4 to 0.12.4, two primitive integrators in apm-cli enumerate package files with bare Path.glob() / Path.rgl… New	CWE-59 CWE-200 Link Following Information Exposure	CVE-2026-45539	2026-05-16 02:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

346	7.1	HIGH Network	-	-	Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.232, Tabby's terminal linkifier passes any detected URI directly to the operating system's protocol handler without … New	CWE-184 CWE-601 Incomplete Blacklist Open Redirect	CVE-2026-45037	2026-05-16 02:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

347	-		-	-	Traefik is an HTTP reverse proxy and load balancer. Prior to 2.11.46, 3.6.17, and 3.7.1, Traefik's Kubernetes Gateway API provider allows a tenant with HTTPRoute creation permissions to expose the RE… New	CWE-284 Improper Access Control	CVE-2026-44774	2026-05-16 02:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

348	9.8	CRITICAL Network	-	-	MCP Calculate Server is a mathematical calculation service based on MCP protocol and SymPy library. Prior to 0.1.1, the use of eval() to evaluate mathematical expressions without proper input sanitiz… New	CWE-94 Code Injection	CVE-2026-44717	2026-05-16 02:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

349	7.5	HIGH Network	-	-	The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends() contains two fast-path verification bugs for standard P2PKH and native P2WPKH… New	CWE-347 Improper Verification of Cryptographic Signature	CVE-2026-44714	2026-05-16 02:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

350	5.4	MEDIUM Network	-	-	Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. From 0.4.0 to before 0.15.0, CertVerifier.Verify() in pkg/git/verifier.go unconditionally dereference… New	CWE-129 CWE-390 Improper Validation of Array Index Detection of Error Condition Without Action	CVE-2026-44310	2026-05-16 02:16	2026-05-16	Show	GitHub Exploit DB Packet Storm