Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 2, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
1191 10 緊急
Network 		Minetest Minetest Minetestにおけるコードインジェクションの脆弱性 CWE-94
コード・インジェクション 		CVE-2026-41196 2026-05-18 12:15 2026-04-23 Show GitHub Exploit DB Packet Storm
1192 7.5 重要
Network 		Apache Software Foundation Apache Tomcat Apache Software FoundationのApache Tomcatにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性 CWE-770
制限またはスロットリング無しのリソースの割り当て 		CVE-2026-41284 2026-05-18 12:15 2026-05-12 Show GitHub Exploit DB Packet Storm
1193 6.5 警告
Network 		liquidjs liquidjs liquidjsにおける再帰制御に関する脆弱性 CWE-674
不適切な再帰制御 		CVE-2026-41311 2026-05-18 12:15 2026-05-9 Show GitHub Exploit DB Packet Storm
1194 5.3 警告
Network 		n8n-MCP n8n-MCP n8n-MCPにおけるログファイルからの情報漏えいに関する脆弱性 CWE-532
ログファイルからの情報漏えい 		CVE-2026-41495 2026-05-18 12:15 2026-05-8 Show GitHub Exploit DB Packet Storm
1195 6.2 警告
Local 		マイクロソフト Microsoft 365 Copilot M365 Copilot for Desktop のスプーフィングの脆弱性 CWE-284
不適切なアクセス制御 		CVE-2026-41614 2026-05-18 12:15 2026-05-12 Show GitHub Exploit DB Packet Storm
1196 6.1 警告
Network 		Open Source Geospatial Foundation MapServer Open Source Geospatial FoundationのMapServerにおけるクロスサイトスクリプティングの脆弱性 CWE-80
クロスサイトスクリプティング (Basic XSS) 		CVE-2026-42030 2026-05-18 12:15 2026-05-8 Show GitHub Exploit DB Packet Storm
1197 6.5 警告
Network 		argoproj Argo Workflows Argo Project AuthorsのArgo WorkflowsにおけるNULL ポインタデリファレンスに関する脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2026-42183 2026-05-18 12:14 2026-05-9 Show GitHub Exploit DB Packet Storm
1198 7.5 重要
Network 		russh project
warpgate project		 russh
warpgate 		russh project等の複数ベンダの製品における複数の脆弱性 CWE-770
CWE-789
CVE-2026-42189 2026-05-18 12:14 2026-05-8 Show GitHub Exploit DB Packet Storm
1199 7.5 重要
Network 		OWASP ModSecurity OWASPのModSecurityにおける複数の脆弱性 CWE-191
CWE-248
CVE-2026-42268 2026-05-18 12:14 2026-05-12 Show GitHub Exploit DB Packet Storm
1200 4.3 警告
Network 		n8n-MCP n8n-MCP n8n-MCPにおけるログファイルからの情報漏えいに関する脆弱性 CWE-532
ログファイルからの情報漏えい 		CVE-2026-42282 2026-05-18 12:14 2026-05-8 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 2, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2531 4.3 MEDIUM
Network 		devolutions devolutions_server Missing authorization in the user profile update feature in Devolutions Server allows an authenticated Active Directory user to modify their own profile attributes via a crafted API request. This is… CWE-862
 Missing Authorization 		CVE-2026-9224 2026-05-23 03:58 2026-05-23 Show GitHub Exploit DB Packet Storm
2532 4.3 MEDIUM
Network 		devolutions devolutions_server Missing authorization in the vault import feature in Devolutions Server  2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request. CWE-284
Improper Access Control 		CVE-2026-9223 2026-05-23 03:57 2026-05-23 Show GitHub Exploit DB Packet Storm
2533 7.6 HIGH
Network 		devolutions devolutions_server Improper handling of factor key state in the multi-factor authentication management feature in Devolutions Server allows an attacker with knowledge of a user's password to bypass the user's multi-fac… CWE-305
 Authentication Bypass by Primary Weakness 		CVE-2026-9047 2026-05-23 03:55 2026-05-23 Show GitHub Exploit DB Packet Storm
2534 2.7 LOW
Network 		devolutions devolutions_server Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensit… CWE-841
 Improper Enforcement of Behavioral Workflow 		CVE-2026-8477 2026-05-23 03:54 2026-05-23 Show GitHub Exploit DB Packet Storm
2535 7.1 HIGH
Network 		devolutions devolutions_server Improper authorization in the Active Directory browsing feature in Devolutions Server allows a low-privileged authenticated user to obtain authentication material associated with a stored PAM provide… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-7325 2026-05-23 03:45 2026-05-23 Show GitHub Exploit DB Packet Storm
2536 4.3 MEDIUM
Network 		devolutions devolutions_server Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activ… CWE-284
Improper Access Control 		CVE-2026-5171 2026-05-23 03:36 2026-05-23 Show GitHub Exploit DB Packet Storm
2537 5.4 MEDIUM
Network 		devolutions devolutions_server Missing authorization in the entry status management feature in Devolutions Server allows a non-administrator authenticated user to bypass the administrator-enforced Pending Approval flow and gain ac… CWE-862
 Missing Authorization 		CVE-2026-9251 2026-05-23 03:31 2026-05-23 Show GitHub Exploit DB Packet Storm
2538 6.1 MEDIUM
Network 		- - Cross Site Scripting vulnerability in Advantech WebAccess/SCADA 8.0-2015.08.16 allows a remote attacker to obtain sensitive information via the decryption field in the Create New Project User compone… CWE-79
Cross-site Scripting 		CVE-2026-36226 2026-05-23 03:28 2026-05-23 Show GitHub Exploit DB Packet Storm
2539 7.8 HIGH
Local 		- - Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by craft… CWE-862
 Missing Authorization 		CVE-2026-9255 2026-05-23 03:28 2026-05-23 Show GitHub Exploit DB Packet Storm
2540 5.9 MEDIUM
Local 		- - HP ENVY 5000 series printers VERBASPP1N003.2237A.00 do not properly manage concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can… CWE-400
CWE-770
 Uncontrolled Resource Consumption
 Allocation of Resources Without Limits or Throttling 		CVE-2026-42626 2026-05-23 03:28 2026-05-23 Show GitHub Exploit DB Packet Storm