JVN Vulnerability Search Top
Show Search Menu
|
You can search the list of vulnerabilities managed by JVN (Japan Vulnerability Note). |
Update Date:April 27, 2026, 8:58 p.m.
| No | CVSS | Level Attach Vector |
Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 401 | 6.5 |
警告
Network |
dnnsoftware | dotnetnuke | dnnsoftwareのdotnetnukeにおける不十分なランダム値の使用に関する脆弱性 New |
CWE-330
Use of Insufficiently Random Values |
CVE-2026-40306 | 2026-04-27 10:48 | 2026-04-17 | Show | GitHub Exploit DB Packet Storm |
| 402 | 8 |
重要
Network |
dnnsoftware | dotnetnuke | dnnsoftwareのdotnetnukeにおける代替 XSS 構文の不適切な無効化に関する脆弱性 New |
CWE-87
Improper Neutralization of Alternate XSS Syntax |
CVE-2026-40321 | 2026-04-27 10:48 | 2026-04-17 | Show | GitHub Exploit DB Packet Storm |
| 403 | 5.3 |
警告
Network |
The FastAPI Expert | python-multipart | The FastAPI Expertのpython-multipartにおける複数の脆弱性 New |
CWE-400 CWE-834 Uncontrolled Resource Consumption Excessive Iteration |
CVE-2026-40347 | 2026-04-27 10:48 | 2026-04-18 | Show | GitHub Exploit DB Packet Storm |
| 404 | 5.4 |
警告
Network |
wger | wger | wger Projectのwgerにおけるクロスサイトスクリプティングの脆弱性 New |
CWE-79
Cross-site Scripting |
CVE-2026-40353 | 2026-04-27 10:48 | 2026-04-17 | Show | GitHub Exploit DB Packet Storm |
| 405 | 7.6 |
重要
Network |
wger | wger | wger Projectのwgerにおける複数の脆弱性 New |
CWE-284 CWE-862 Improper Access Control Missing Authorization |
CVE-2026-40474 | 2026-04-27 10:48 | 2026-04-17 | Show | GitHub Exploit DB Packet Storm |
| 406 | 9 |
緊急
Network |
Thymeleaf | Thymeleaf | Thymeleafにおける複数の脆弱性 New |
CWE-1336 CWE-917 Improper Neutralization of Special Elements Used in a Template Engine Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') |
CVE-2026-40477 | 2026-04-27 10:48 | 2026-04-17 | Show | GitHub Exploit DB Packet Storm |
| 407 | 9 |
緊急
Network |
Thymeleaf | Thymeleaf | Thymeleafにおける複数の脆弱性 New |
CWE-1336 CWE-917 Improper Neutralization of Special Elements Used in a Template Engine Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') |
CVE-2026-40478 | 2026-04-27 10:47 | 2026-04-17 | Show | GitHub Exploit DB Packet Storm |
| 408 | 7.1 |
重要
Local |
Craig J. Bass (craigjbass) | ClearanceKit | Craig J. Bass (craigjbass)のClearanceKitにおける不正な認証に関する脆弱性 New |
CWE-863
Incorrect Authorization |
CVE-2026-40599 | 2026-04-27 10:47 | 2026-04-21 | Show | GitHub Exploit DB Packet Storm |
| 409 | 4.4 |
警告
Local |
Craig J. Bass (craigjbass) | ClearanceKit | Craig J. Bass (craigjbass)のClearanceKitにおける保護メカニズムの不具合に関する脆弱性 New |
CWE-693
Protection Mechanism Failure |
CVE-2026-40604 | 2026-04-27 10:47 | 2026-04-21 | Show | GitHub Exploit DB Packet Storm |
| 410 | 4.8 |
警告
Network |
mitmproxy | mitmproxy | mitmproxyにおけるLDAP インジェクションの脆弱性 New |
CWE-90
LDAP Injection |
CVE-2026-40606 | 2026-04-27 10:47 | 2026-04-21 | Show | GitHub Exploit DB Packet Storm |
| 411 | 7.5 |
重要
Network |
coturn project | coturn | coturn projectのcoturnにおける不正な型変換に関する脆弱性 New |
CWE-704
Incorrect Type Conversion or Cast |
CVE-2026-40613 | 2026-04-27 10:47 | 2026-04-21 | Show | GitHub Exploit DB Packet Storm |
| 412 | 8.8 |
重要
Network |
goshs | goshs | goshsにおけるパストラバーサルの脆弱性 New |
CWE-22
Path Traversal |
CVE-2026-40876 | 2026-04-27 10:47 | 2026-04-21 | Show | GitHub Exploit DB Packet Storm |
| 413 | 7.5 |
重要
Network |
- | NestJSにおける再帰制御に関する脆弱性 New |
CWE-674
Uncontrolled Recursion |
CVE-2026-40879 | 2026-04-27 10:47 | 2026-04-21 | Show | GitHub Exploit DB Packet Storm | |
| 414 | 7.6 |
重要
Network |
openremote | openremote | openremoteにおけるXML 外部エンティティの脆弱性 New |
CWE-611
XXE |
CVE-2026-40882 | 2026-04-27 10:47 | 2026-04-22 | Show | GitHub Exploit DB Packet Storm |
| 415 | 8.3 |
重要
Network |
WWBN | AVideo | WWBNのAVideoにおけるクロスサイトリクエストフォージェリの脆弱性 New |
CWE-352
Origin Validation Error |
CVE-2026-40925 | 2026-04-27 10:47 | 2026-04-21 | Show | GitHub Exploit DB Packet Storm |
| 416 | 8.3 |
重要
Network |
RustFS | RustFS | RustFSにおける認証の欠如に関する脆弱性 New |
CWE-862
Missing Authorization |
CVE-2026-40937 | 2026-04-27 10:47 | 2026-04-22 | Show | GitHub Exploit DB Packet Storm |
| 417 | 7.1 |
重要
Network |
WWBN | AVideo | WWBNのAVideoにおける同一生成元ポリシー違反に関する脆弱性 New |
CWE-346
Origin Validation Error |
CVE-2026-41057 | 2026-04-27 10:47 | 2026-04-21 | Show | GitHub Exploit DB Packet Storm |
| 418 | 8.1 |
重要
Network |
WWBN | AVideo | WWBNのAVideoにおけるパストラバーサルの脆弱性 New |
CWE-22
Path Traversal |
CVE-2026-41058 | 2026-04-27 10:47 | 2026-04-21 | Show | GitHub Exploit DB Packet Storm |
| 419 | 6.5 |
警告
Network |
WWBN | AVideo | WWBNのAVideoにおけるサーバサイドのリクエストフォージェリの脆弱性 New |
CWE-918
Server-Side Request Forgery (SSRF) |
CVE-2026-41060 | 2026-04-27 10:47 | 2026-04-21 | Show | GitHub Exploit DB Packet Storm |
| 420 | 5.4 |
警告
Network |
WWBN | AVideo | WWBNのAVideoにおけるクロスサイトスクリプティングの脆弱性 New |
CWE-79
Cross-site Scripting |
CVE-2026-41061 | 2026-04-27 10:47 | 2026-04-21 | Show | GitHub Exploit DB Packet Storm |
| 421 | 6.5 |
警告
Network |
WWBN | AVideo | WWBNのAVideoにおけるパストラバーサルの脆弱性 New |
CWE-22
Path Traversal |
CVE-2026-41062 | 2026-04-27 10:47 | 2026-04-21 | Show | GitHub Exploit DB Packet Storm |
| 422 | 5.4 |
警告
Network |
WWBN | AVideo | WWBNのAVideoにおけるクロスサイトスクリプティングの脆弱性 New |
CWE-79
Cross-site Scripting |
CVE-2026-41063 | 2026-04-27 10:47 | 2026-04-21 | Show | GitHub Exploit DB Packet Storm |
| 423 | 9.3 |
緊急
Network |
WWBN | AVideo | WWBNのAVideoにおけるOS コマンドインジェクションの脆弱性 New |
CWE-78
OS Command |
CVE-2026-41064 | 2026-04-27 10:47 | 2026-04-22 | Show | GitHub Exploit DB Packet Storm |
| 424 | 5 |
警告
Network |
OpenFGA |
OpenFGA Helm Charts |
OpenFGAのHelm Charts等の複数製品における複数の脆弱性 New |
CWE-706 CWE-863 Use of Incorrectly-Resolved Name or Reference Incorrect Authorization |
CVE-2026-41131 | 2026-04-27 10:47 | 2026-04-22 | Show | GitHub Exploit DB Packet Storm |
| 425 | 8.8 |
重要
Network |
flowiseai | flowise | flowiseaiのflowiseにおけるコードインジェクションの脆弱性 New |
CWE-94
Code Injection |
CVE-2026-41137 | 2026-04-27 10:47 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 426 | 8.8 |
重要
Network |
flowiseai | flowise | flowiseaiのflowiseにおけるコードインジェクションの脆弱性 New |
CWE-94
Code Injection |
CVE-2026-41138 | 2026-04-27 10:47 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 427 | 7 |
重要
Network |
openremote | openremote | openremoteにおけるアクセス制御に関する脆弱性 New |
CWE-284
Improper Access Control |
CVE-2026-41166 | 2026-04-27 10:47 | 2026-04-22 | Show | GitHub Exploit DB Packet Storm |
| 428 | 5.3 |
警告
Network |
pypdf project | pypdf | pypdf projectのpypdfにおける過度な反復の脆弱性 New |
CWE-834
Excessive Iteration |
CVE-2026-41168 | 2026-04-27 10:46 | 2026-04-22 | Show | GitHub Exploit DB Packet Storm |
| 429 | 9.8 |
緊急
Network |
flowiseai | flowise | flowiseaiのflowiseにおける不完全なブラックリストに関する脆弱性 New |
CWE-184
Incomplete Blacklist |
CVE-2026-41264 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 430 | 9.8 |
緊急
Network |
flowiseai | flowise | flowiseaiのflowiseにおけるコマンドインジェクションの脆弱性 New |
CWE-77
Command Injection |
CVE-2026-41265 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 431 | 7.5 |
重要
Network |
flowiseai | flowise | flowiseaiのflowiseにおける複数の脆弱性 New |
CWE-200 CWE-522 CWE-862 Information Exposure Insufficiently Protected Credentials Missing Authorization |
CVE-2026-41266 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 432 | 9.8 |
緊急
Network |
flowiseai | flowise | flowiseaiのflowiseにおける複数の脆弱性 New |
CWE-639 CWE-915 Authorization Bypass Through User-Controlled Key Improperly Controlled Modification of Dynamically-Determined Object Attributes |
CVE-2026-41267 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 433 | 9.8 |
緊急
Network |
flowiseai | flowise | flowiseaiのflowiseにおける入力確認に関する脆弱性 New |
CWE-20
Improper Input Validation |
CVE-2026-41268 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 434 | 8.8 |
重要
Network |
flowiseai | flowise | flowiseaiのflowiseにおける危険なタイプのファイルの無制限アップロードに関する脆弱性 New |
CWE-434
Unrestricted Upload of File with Dangerous Type |
CVE-2026-41269 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 435 | 8.3 |
重要
Network |
flowiseai | flowise | flowiseaiのflowiseにおける複数の脆弱性 New |
CWE-284 CWE-918 Improper Access Control Server-Side Request Forgery (SSRF) |
CVE-2026-41270 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 436 | 8.3 |
重要
Network |
flowiseai | flowise | flowiseaiのflowiseにおけるサーバサイドのリクエストフォージェリの脆弱性 New |
CWE-918
Server-Side Request Forgery (SSRF) |
CVE-2026-41271 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 437 | 7.1 |
重要
Network |
flowiseai | flowise | flowiseaiのflowiseにおけるサーバサイドのリクエストフォージェリの脆弱性 New |
CWE-918
Server-Side Request Forgery (SSRF) |
CVE-2026-41272 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 438 | 8.2 |
重要
Network |
flowiseai | flowise | flowiseaiのflowiseにおける重要な機能に対する認証の欠如に関する脆弱性 New |
CWE-306
Missing Authentication for Critical Function |
CVE-2026-41273 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 439 | 7.5 |
重要
Network |
flowiseai | flowise | flowiseaiのflowiseにおける重要な情報の平文での送信に関する脆弱性 New |
CWE-319
Cleartext Transmission of Sensitive Information |
CVE-2026-41275 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 440 | 9.8 |
緊急
Network |
flowiseai | flowise | flowiseaiのflowiseにおける認証に関する脆弱性 New |
CWE-287
Improper Authentication |
CVE-2026-41276 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 441 | 8.8 |
重要
Network |
flowiseai | flowise | flowiseaiのflowiseにおける複数の脆弱性 New |
CWE-284 CWE-639 CWE-915 Improper Access Control Authorization Bypass Through User-Controlled Key Improperly Controlled Modification of Dynamically-Determined Object Attributes |
CVE-2026-41277 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 442 | 7.5 |
重要
Network |
flowiseai | flowise | flowiseaiのflowiseにおける情報漏えいに関する脆弱性 New |
CWE-200
Information Exposure |
CVE-2026-41278 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 443 | 7.5 |
重要
Network |
flowiseai | flowise | flowiseaiのflowiseにおけるユーザ制御の鍵による認証回避に関する脆弱性 New |
CWE-639
Authorization Bypass Through User-Controlled Key |
CVE-2026-41279 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |
| 444 | 4.3 |
警告
Adjacent |
OpenBSD | OpenBSD | OpenBSDにおける複数の脆弱性 New |
CWE-1284 CWE-835 Improper Validation of Specified Quantity in Input Loop with Unreachable Exit Condition ('Infinite Loop') |
CVE-2026-41285 | 2026-04-27 10:46 | 2026-04-21 | Show | GitHub Exploit DB Packet Storm |
| 445 | 9.8 |
緊急
Network |
WWBN | AVideo | WWBNのAVideoにおけるコマンドインジェクションの脆弱性 New |
CWE-77
Command Injection |
CVE-2026-41304 | 2026-04-27 10:46 | 2026-04-22 | Show | GitHub Exploit DB Packet Storm |
| 446 | 4.3 |
警告
Network |
pretix | pretix | pretix GmbHのpretixにおける隔離または分類に関する脆弱性 New |
CWE-653
Improper Isolation or Compartmentalization |
CVE-2026-5600 | 2026-04-27 10:46 | 2026-04-8 | Show | GitHub Exploit DB Packet Storm |
| 447 | 7.2 |
重要
Network |
mintplexlabs | anythingllm | mintplexlabsのanythingllmにおけるパストラバーサルの脆弱性 New |
CWE-29
Path Traversal: '\..\filename' |
CVE-2026-5627 | 2026-04-27 10:46 | 2026-04-7 | Show | GitHub Exploit DB Packet Storm |
| 448 | 9.6 |
緊急
Network |
Google Chrome | GoogleのGoogle Chromeにおける解放済みメモリの使用に関する脆弱性 New |
CWE-416
Use After Free |
CVE-2026-6919 | 2026-04-27 10:46 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm | |
| 449 | 9.6 |
緊急
Network |
Google Chrome | GoogleのGoogle Chromeにおける境界外読み取りに関する脆弱性 New |
CWE-125
Out-of-bounds Read |
CVE-2026-6920 | 2026-04-27 10:45 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm | |
| 450 | 8.3 |
重要
Network |
Google Chrome | GoogleのGoogle Chromeにおける競合状態に関する脆弱性 New |
CWE-362
Race Condition |
CVE-2026-6921 | 2026-04-27 10:45 | 2026-04-23 | Show | GitHub Exploit DB Packet Storm |