Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 20, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
4321	6.1	警告 Network	The Go Project	Go	The Go ProjectのGoにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-27142	2026-04-23 10:14	2026-03-6	Show	GitHub Exploit DB Packet Storm

4322	5.8	警告 Network	OpenClaw	OpenClaw	OpenClawにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-28476	2026-04-23 10:14	2026-03-5	Show	GitHub Exploit DB Packet Storm

4323	8.1	重要 Network	internet routing registry daemon project	internet routing registry daemon	internet routing registry daemon projectのinternet routing registry daemonにおける複数の脆弱性	CWE-601 CWE-640	CVE-2026-28681	2026-04-23 10:14	2026-03-6	Show	GitHub Exploit DB Packet Storm

4324	8.8	重要 Network	Apache Software Foundation	Apache Airflow	Apache Software FoundationのApache Airflowにおけるコマンドインジェクションの脆弱性	CWE-77 コマンドインジェクション	CVE-2026-30898	2026-04-23 10:14	2026-04-18	Show	GitHub Exploit DB Packet Storm

4325	7.5	重要 Network	Apache Software Foundation	Apache Airflow	Apache Software FoundationのApache Airflowにおける誤った領域へのリソースの漏えいに関する脆弱性	CWE-668 誤った領域へのリソースの漏えい	CVE-2026-30912	2026-04-23 10:14	2026-04-18	Show	GitHub Exploit DB Packet Storm

4326	7	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	Windows UPnP Device Host の特権の昇格の脆弱性	CWE-416 解放済みメモリの使用	CVE-2026-32075	2026-04-23 10:14	2026-04-14	Show	GitHub Exploit DB Packet Storm

4327	7.8	重要 Local	マイクロソフト	Microsoft Windows 11 23h2 Microsoft Windows 11 26h1 Microsoft Windows Server 2025 Microsoft Windows 11 24h2 Microsoft Wind…	Windows 記憶域スペースコントローラーの特権昇格の脆弱性	CWE-125 境界外読み取り	CVE-2026-32076	2026-04-23 10:14	2026-04-14	Show	GitHub Exploit DB Packet Storm

4328	7.8	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	Windows UPnP Device Host の特権の昇格の脆弱性	CWE-822 信頼性のないポインタデリファレンス	CVE-2026-32077	2026-04-23 10:14	2026-04-14	Show	GitHub Exploit DB Packet Storm

4329	7.8	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 11 23h2 Microsoft Windows 11 26h1 Microsoft Windows 10 1809 Microsoft Wind…	Windows Projected File System の特権の昇格の脆弱性	CWE-416 解放済みメモリの使用	CVE-2026-32078	2026-04-23 10:14	2026-04-14	Show	GitHub Exploit DB Packet Storm

4330	5.5	警告 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 10 1607 Microsoft Windows Server 2016 Microsoft Windows 11 23h2 Microsoft …	Web アカウントマネージャーの情報漏えいの脆弱性	CWE-200 情報漏えい	CVE-2026-32079	2026-04-23 10:14	2026-04-14	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 21, 2026, 4:10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
341	9.8	CRITICAL Network	h2o	h2o	A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file h2o-core/src/main/java/hex/Model.java of the component JAR Handler. Performing a… New	CWE-20 CWE-502 Improper Input Validation Deserialization of Untrusted Data	CVE-2026-8751	2026-05-20 02:46	2026-05-17	Show	GitHub Exploit DB Packet Storm

342	4.8	MEDIUM Network	nozominetworks	cmc guardian	A Stored HTML Injection vulnerability was discovered in the Users functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can create a mal… New	CWE-79 Cross-site Scripting	CVE-2025-40902	2026-05-20 02:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

343	4.8	MEDIUM Network	nozominetworks	cmc guardian	A Stored HTML Injection vulnerability was discovered in the Schedule Restore Archive functionality due to improper validation of an input parameter. An authenticated user with administrative privileg… New	CWE-79 Cross-site Scripting	CVE-2025-40903	2026-05-20 02:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

344	5.3	MEDIUM Network	h2o	h2o	A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the compon… New	CWE-266 CWE-284 NVD-CWE-noinfo Incorrect Privilege Assignment Improper Access Control	CVE-2026-8752	2026-05-20 02:44	2026-05-17	Show	GitHub Exploit DB Packet Storm

345	5.4	MEDIUM Network	nozominetworks	cmc guardian	A Stored HTML Injection vulnerability was discovered in the Smart Polling functionality due to improper validation of an input parameter. An authenticated user with limited privileges can push malici… New	CWE-79 Cross-site Scripting	CVE-2025-40904	2026-05-20 02:41	2026-05-19	Show	GitHub Exploit DB Packet Storm

346	4.8	MEDIUM Network	mattermost	mattermost_server	Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to escape some variables that could contain malicious content during error page composition which allows an attacker with access to edit… New	CWE-79 Cross-site Scripting	CVE-2026-3495	2026-05-20 02:37	2026-05-18	Show	GitHub Exploit DB Packet Storm

347	4.3	MEDIUM Network	mattermost	mattermost_server	Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to check the create_post channel permission during post edit operations which allows an authenticated attacker with re… New	CWE-862 Missing Authorization	CVE-2026-3637	2026-05-20 02:34	2026-05-18	Show	GitHub Exploit DB Packet Storm

348	3.3	LOW Local	continue	continue	A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulat… New	CWE-22 Path Traversal	CVE-2026-8770	2026-05-20 02:30	2026-05-18	Show	GitHub Exploit DB Packet Storm

349	7.5	HIGH Network	google	chrome	Integer overflow in Skia in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted … Update	CWE-472 External Control of Assumed-Immutable Web Parameter	CVE-2026-8510	2026-05-20 02:29	2026-05-15	Show	GitHub Exploit DB Packet Storm

350	4.3	MEDIUM Network	google	chrome	Insufficient policy enforcement in Payments in Google Chrome on Android prior to 148.0.7778.168 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium sec… Update	CWE-284 Improper Access Control	CVE-2026-8566	2026-05-20 02:29	2026-05-15	Show	GitHub Exploit DB Packet Storm