Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 27, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
4471	7.5	重要 Network	Electron	electron	Electronのelectronにおける複数の脆弱性	CWE-20 CWE-74 CWE-74	CVE-2026-34773	2026-04-24 11:44	2026-04-4	Show	GitHub Exploit DB Packet Storm

4472	8.1	重要 Network	Electron	electron	Electronのelectronにおける解放済みメモリの使用に関する脆弱性	CWE-416 解放済みメモリの使用	CVE-2026-34774	2026-04-24 11:44	2026-04-4	Show	GitHub Exploit DB Packet Storm

4473	9.8	緊急 Network	Electron	electron	Electronのelectronにおける隔離または分類に関する脆弱性	CWE-653 不適切な隔離または分類	CVE-2026-34775	2026-04-24 11:44	2026-04-4	Show	GitHub Exploit DB Packet Storm

4474	9.8	緊急 Network	Bruno Software Inc.	Bruno	Bruno Software Inc.のBrunoにおける複数の脆弱性	CWE-494 CWE-506	CVE-2026-34841	2026-04-24 11:44	2026-04-6	Show	GitHub Exploit DB Packet Storm

4475	5.3	警告 Network	Discourse	Discourse	Discourseにおける情報漏えいに関する脆弱性	CWE-200 CWE-noinfo	CVE-2026-34947	2026-04-24 11:44	2026-04-3	Show	GitHub Exploit DB Packet Storm

4476	9.1	緊急 Network	nearform	fast-jwt	nearformのfast-jwtにおける暗号アルゴリズムの使用に関する脆弱性	CWE-327 不完全、または危険な暗号アルゴリズムの使用	CVE-2026-34950	2026-04-24 11:44	2026-04-6	Show	GitHub Exploit DB Packet Storm

4477	4.3	警告 Network	Plunk	Plunk	PlunkにおけるCRLF インジェクションの脆弱性	CWE-93 CRLF インジェクション	CVE-2026-34975	2026-04-24 11:44	2026-04-6	Show	GitHub Exploit DB Packet Storm

4478	10	緊急 Network	dgraph	dgraph	dgraphにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2026-34976	2026-04-24 11:44	2026-04-6	Show	GitHub Exploit DB Packet Storm

4479	8.2	重要 Local	Vim	Vim	VimにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2026-34982	2026-04-24 11:44	2026-04-6	Show	GitHub Exploit DB Packet Storm

4480	6.5	警告 Network	external-secrets	external secrets operator	external-secretsのexternal secrets operatorにおける情報漏えいに関する脆弱性	CWE-200 CWE-noinfo	CVE-2026-34984	2026-04-24 11:44	2026-04-14	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 28, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
791	7.5	HIGH Network	-	-	MaxKB is an open-source AI assistant for enterprise. Prior to 2.9.0, MaxKB's webhook trigger endpoint (/api/trigger/v1/webhook/{trigger_id}) is accessible without authentication. The WebhookAuth clas… New	CWE-287 CWE-306 Improper Authentication Missing Authentication for Critical Function	CVE-2026-44847	2026-05-27 06:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

792	8.2	HIGH Network	-	-	LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other ap… New	CWE-502 Deserialization of Untrusted Data	CVE-2026-44843	2026-05-27 06:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

793	5.9	MEDIUM Network	-	-	view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file … New	CWE-187 Partial String Comparison	CVE-2026-44837	2026-05-27 06:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

794	7.5	HIGH Network	-	-	Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass use… New	CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine	CVE-2026-44209	2026-05-27 06:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

795	4.9	MEDIUM Network	-	-	Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which a… New	CWE-202 Exposure of Sensitive Information Through Data Queries	CVE-2026-42797	2026-05-27 06:16	2026-05-26	Show	GitHub Exploit DB Packet Storm

796	-		-	-	MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a broken access control vulnerability in the OSS file service URL fetch API (chat/api/oss/get_url). The en… New	CWE-862 Missing Authorization	CVE-2026-42337	2026-05-27 06:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

797	-		-	-	MaxKB is an open-source AI assistant for enterprise. MaxKB 2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch functionality due to inconsi… New	CWE-367 CWE-918 Time-of-check Time-of-use (TOCTOU) Race Condition Server-Side Request Forgery (SSRF)	CVE-2026-42336	2026-05-27 06:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

798	-		-	-	MaxKB is an open-source AI assistant for enterprise. Prior to 2.8.1, MaxKB v2.8.0 and prior are vulnerable to a server-side request forgery (SSRF) bypass in the OSS file service URL fetch (chat/api/o… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-42335	2026-05-27 06:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

799	9.8	CRITICAL Network	-	-	IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the ap… New	CWE-863 Incorrect Authorization	CVE-2026-3660	2026-05-27 06:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

800	-		-	-	AppLockZ App Lock and Fingerprint Lock (applock.passwordfingerprint.applockz) 4.2.11 for Android allows a local attacker with physical access to bypass the PIN lock. The lock is implemented as an ove… New	-	CVE-2025-68711	2026-05-27 06:16	2026-05-27	Show	GitHub Exploit DB Packet Storm