Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":April 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1161	9.1	緊急 Network	Mervin Praison (MervinPraison)	PraisonAI	Mervin Praison (MervinPraison)のPraisonAI等の複数製品における重要な機能に対する認証の欠如に関する脆弱性	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-40289	2026-04-21 10:44	2026-04-14	Show	GitHub Exploit DB Packet Storm

1162	9.8	緊急 Network	Mervin Praison (MervinPraison)	PraisonAI	Mervin Praison (MervinPraison)のPraisonAIにおけるSQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2026-40315	2026-04-21 10:44	2026-04-14	Show	GitHub Exploit DB Packet Storm

1163	8.5	重要 Network	b3log	SiYuan	B3logのSiYuanにおけるパストラバーサルの脆弱性	CWE-24 パストラバーサル (../filedir)	CVE-2026-40318	2026-04-21 10:44	2026-04-16	Show	GitHub Exploit DB Packet Storm

1164	9	緊急 Network	b3log	SiYuan	B3logのSiYuanにおける複数の脆弱性	CWE-79 CWE-94	CVE-2026-40322	2026-04-21 10:44	2026-04-16	Show	GitHub Exploit DB Packet Storm

1165	7.2	重要 Network	フォーティネット	Fortiweb	フォーティネットのFortiwebにおける境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2026-40688	2026-04-21 10:44	2026-04-14	Show	GitHub Exploit DB Packet Storm

1166	6.5	警告 Network	DataEase	DataEase	DataEaseにおける許容された入力値の許可リストに関する脆弱性	CWE-183 許容された入力値の許可リスト	CVE-2026-40899	2026-04-21 10:44	2026-04-16	Show	GitHub Exploit DB Packet Storm

1167	8.8	重要 Network	DataEase	DataEase	DataEaseにおけるSQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2026-40900	2026-04-21 10:44	2026-04-16	Show	GitHub Exploit DB Packet Storm

1168	8.8	重要 Network	DataEase	DataEase	DataEaseにおける信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-40901	2026-04-21 10:44	2026-04-16	Show	GitHub Exploit DB Packet Storm

1169	5.4	警告 Network	b3log	SiYuan	B3logのSiYuanにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-40922	2026-04-21 10:44	2026-04-17	Show	GitHub Exploit DB Packet Storm

1170	9.8	緊急 Network	FFmpeg	FFmpeg	FFmpegにおける整数オーバーフローの脆弱性	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2026-40962	2026-04-21 10:44	2026-04-16	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 29, 2026, 4:51 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
81	7.3	HIGH Network	-	-	Memory safety bugs present in Firefox 150.0.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exp… New	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2026-7324	2026-04-29 01:16	2026-04-29	Show	GitHub Exploit DB Packet Storm

82	7.5	HIGH Network	-	-	Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1. New	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2026-7320	2026-04-29 01:16	2026-04-29	Show	GitHub Exploit DB Packet Storm

83	7.3	HIGH Network	-	-	The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write w… New	CWE-787 Out-of-bounds Write	CVE-2026-5435	2026-04-29 01:16	2026-04-28	Show	GitHub Exploit DB Packet Storm

84	-		-	-	Cross-Site Scripting (XSS) vulnerability exists in FUEL CMS v1.5.2 and before within the asset upload functionality. The application fails to properly sanitize uploaded SVG files, allowing a low-priv… New	-	CVE-2026-38948	2026-04-29 01:16	2026-04-29	Show	GitHub Exploit DB Packet Storm

85	-		-	-	Authentication Bypass vulnerability exists in Netmaker versions prior to 1.5.0. The VerifyHostToken function in logic/jwts.go fails to validate the JWT signature when verifying host tokens. An attack… New	-	CVE-2026-38651	2026-04-29 01:16	2026-04-29	Show	GitHub Exploit DB Packet Storm

86	9.8	CRITICAL Network	-	-	MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, … New	CWE-287 Improper Authentication	CVE-2026-35903	2026-04-29 01:16	2026-04-28	Show	GitHub Exploit DB Packet Storm

87	7.5	HIGH Network	-	-	An issue in Pro-Bit before v1.77.4 allows unauthenticated attackers to directly access sensitive directory and its subdirectories. New	CWE-552 Files or Directories Accessible to External Parties	CVE-2025-69428	2026-04-29 01:16	2026-04-28	Show	GitHub Exploit DB Packet Storm

88	7.5	HIGH Network	-	-	The Aranda File Server (AFS) component in Aranda Software Aranda Service Desk before 8.3.12 stores daily activity logs with predictable names in a publicly accessible directory, which allows unauthen… New	CWE-377 CWE-532 Insecure Temporary File Inclusion of Sensitive Information in Log Files	CVE-2025-67223	2026-04-29 01:16	2026-04-29	Show	GitHub Exploit DB Packet Storm

89	-		-	-	Insecure deserialization of untrusted input in StellarGroup HPX 1.11.0 under certain conditions may allow attackers to execute arbitrary code or other unspecified impacts. New	-	CVE-2025-60889	2026-04-29 01:16	2026-04-29	Show	GitHub Exploit DB Packet Storm

90	5.3	MEDIUM Network	-	-	An issue was discovered in Cista v0.15 and below. Insecure deserialization of untrusted input under certain conditions may lead to leaking of stack/heap addresses which may be used to bypass ASLR. Cl… New	-	CVE-2025-60887	2026-04-29 01:16	2026-04-29	Show	GitHub Exploit DB Packet Storm