Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 21, 2026, 2 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
1241 8.6 重要
Network 		VMware Spring AI VMwareのSpring AIにおける言語構文の表現に使用される特殊な要素の不適切な無効化に関する脆弱性 CWE-917
言語構文の表現に使用される特殊な要素の不適切な無効化 		CVE-2026-41705 2026-05-14 10:18 2026-05-9 Show GitHub Exploit DB Packet Storm
1242 7.5 重要
Network 		VMware Spring AI VMwareのSpring AIにおける不適切なデフォルトパーミッションに関する脆弱性 CWE-276
不適切なデフォルトパーミッション 		CVE-2026-41712 2026-05-14 10:18 2026-05-12 Show GitHub Exploit DB Packet Storm
1243 8.2 重要
Network 		VMware Spring AI VMwareのSpring AIにおけるテンプレートエンジンで使用される特殊な要素の不適切な無効化に関する脆弱性 CWE-1336
テンプレートエンジンで使用される特殊な要素の不適切な無効化 		CVE-2026-41713 2026-05-14 10:18 2026-05-12 Show GitHub Exploit DB Packet Storm
1244 6.5 警告
Network 		LangGenius Dify LangGeniusのDifyにおけるユーザ制御の鍵による認証回避に関する脆弱性 CWE-639
ユーザ制御の鍵による認証回避 		CVE-2026-41950 2026-05-14 10:18 2026-05-5 Show GitHub Exploit DB Packet Storm
1245 9.6 緊急
Network 		Streetwriters Notesnook Mobile
Notesnook Desktop 		StreetwritersのNotesnook Desktop等の複数製品における複数の脆弱性 CWE-79
CWE-94
CVE-2026-42090 2026-05-14 10:18 2026-05-4 Show GitHub Exploit DB Packet Storm
1246 6.5 警告
Network 		goshs goshs goshsにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2026-42091 2026-05-14 10:18 2026-05-4 Show GitHub Exploit DB Packet Storm
1247 4.8 警告
Network 		Weblate wlc Weblateのwlcにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-42150 2026-05-14 10:18 2026-05-8 Show GitHub Exploit DB Packet Storm
1248 5.9 警告
Network 		Teluu Ltd. PJSIP Teluu Ltd.のPJSIPにおける証明書検証に関する脆弱性 CWE-295
不正な証明書検証 		CVE-2026-42225 2026-05-14 10:18 2026-05-7 Show GitHub Exploit DB Packet Storm
1249 4.3 警告
Network 		Onyx Onyx Onyxにおけるユーザ制御の鍵による認証回避に関する脆弱性 CWE-639
ユーザ制御の鍵による認証回避 		CVE-2026-42276 2026-05-14 10:18 2026-05-8 Show GitHub Exploit DB Packet Storm
1250 6.5 警告
Network 		Onyx Onyx Onyxにおけるユーザ制御の鍵による認証回避に関する脆弱性 CWE-639
ユーザ制御の鍵による認証回避 		CVE-2026-42277 2026-05-14 10:18 2026-05-8 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 21, 2026, 4:10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
312071 5.4 MEDIUM
Network 		cisco nexus_dashboard_fabric_controller
nexus_dashboard 		A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. Thi… CWE-862
 Missing Authorization 		CVE-2024-20442 2024-10-8 05:11 2024-10-3 Show GitHub Exploit DB Packet Storm
312072 5.4 MEDIUM
Network 		vowelweb ibtana The Ibtana – WordPress Website Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ attribute within the 'wp:ive/ive-productscarousel' Gutenberg block in all vers… CWE-79
Cross-site Scripting 		CVE-2024-8282 2024-10-8 05:11 2024-10-2 Show GitHub Exploit DB Packet Storm
312073 6.5 MEDIUM
Adjacent 		gotenna atak_plugin In the goTenna Pro ATAK Plugin application, the encryption keys are stored along with a static IV on the device. This allows for complete decryption of keys stored on the device. This allows an att… CWE-922
 Insecure Storage of Sensitive Information 		CVE-2024-43694 2024-10-8 04:40 2024-09-27 Show GitHub Exploit DB Packet Storm
312074 - - - Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 was discovered to contain an authenticated command injection vulnerability. - CVE-2024-46658 2024-10-8 04:37 2024-10-4 Show GitHub Exploit DB Packet Storm
312075 - - - Several CGI endpoints are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters passed through POST requests to the strcpy function on DrayTek Vigor… - CVE-2024-41590 2024-10-8 04:37 2024-10-4 Show GitHub Exploit DB Packet Storm
312076 - - - The CGI endpoints v2x00.cgi and cgiwcg.cgi of DrayTek Vigor3910 devices through 4.3.2.6 are vulnerable to buffer overflows, by authenticated users, because of missing bounds checking on parameters pa… - CVE-2024-41588 2024-10-8 04:37 2024-10-4 Show GitHub Exploit DB Packet Storm
312077 - - - DrayTek Vigor3910 devices through 4.3.2.6 are affected by an OS command injection vulnerability that allows an attacker to leverage the recvCmd binary to escape from the emulated instance and inject … - CVE-2024-41585 2024-10-8 04:37 2024-10-4 Show GitHub Exploit DB Packet Storm
312078 - - - A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.1.0.4 could allow an unauthenticated attacker to conduct an unauthorized access attack due to inadequate acc… - CVE-2024-42514 2024-10-8 04:37 2024-10-2 Show GitHub Exploit DB Packet Storm
312079 5.4 MEDIUM
Network 		connekthq ajax_load_more The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to in… CWE-79
Cross-site Scripting 		CVE-2024-8505 2024-10-8 04:26 2024-10-2 Show GitHub Exploit DB Packet Storm
312080 6.1 MEDIUM
Network 		goldplugins custom_banners The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3… CWE-79
Cross-site Scripting 		CVE-2024-8799 2024-10-8 04:22 2024-10-1 Show GitHub Exploit DB Packet Storm