Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 12, 2026, 2:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
1951 7.8 重要
Local 		マイクロソフト Microsoft 365 Apps
Office Long Term Servicing Channel (LTSC)
Microsoft PowerPoint
Microsoft Office 		Microsoft PowerPoint のリモートでコードが実行される脆弱性 CWE-416
解放済みメモリの使用 		CVE-2026-32200 2026-04-30 11:03 2026-04-14 Show GitHub Exploit DB Packet Storm
1952 7.8 重要
Local 		デル Alienware Command Center デルのAlienware Command Centerにおける最小権限の違反に関する脆弱性 CWE-272
最小権限の違反 		CVE-2026-32655 2026-04-30 11:03 2026-04-27 Show GitHub Exploit DB Packet Storm
1953 2.7
Network 		GitHub Enterprise Server GitHubのEnterprise Serverにおけるユーザ制御の鍵による認証回避に関する脆弱性 CWE-639
ユーザ制御の鍵による認証回避 		CVE-2026-3307 2026-04-30 11:03 2026-04-21 Show GitHub Exploit DB Packet Storm
1954 5.5 警告
Local 		マイクロソフト Microsoft Dynamics 365 Microsoft Dynamics 365 の(オンプレミス) で、情報漏えいの脆弱性 CWE-284
不適切なアクセス制御 		CVE-2026-33103 2026-04-30 11:03 2026-04-14 Show GitHub Exploit DB Packet Storm
1955 10 緊急
Network 		Apache Software Foundation Apache Camel Apache Software FoundationのApache Camelにおける動的に決定されたオブジェクト属性の不適切に制御された変更に関する脆弱性 CWE-915
動的に決定されたオブジェクト属性の不適切に制御された変更 		CVE-2026-33453 2026-04-30 11:03 2026-04-27 Show GitHub Exploit DB Packet Storm
1956 9.4 緊急
Network 		Apache Software Foundation Apache Camel Apache Software FoundationのApache Camelにおける信頼できないデータのデシリアライゼーションに関する脆弱性 CWE-502
信頼性のないデータのデシリアライゼーション 		CVE-2026-33454 2026-04-30 11:03 2026-04-27 Show GitHub Exploit DB Packet Storm
1957 7.5 重要
Network 		Linaro OP-TEE Trusted OS LinaroのOP-TEE Trusted OSにおける整数オーバーフローの脆弱性 CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2026-33662 2026-04-30 11:03 2026-04-24 Show GitHub Exploit DB Packet Storm
1958 7.4 重要
Network 		OpenProject OpenProject OpenProjectにおける過度な認証試行の不適切な制限に関する脆弱性 CWE-307
過度な認証試行の不適切な制限 		CVE-2026-33667 2026-04-30 11:03 2026-04-15 Show GitHub Exploit DB Packet Storm
1959 6.7 警告
Local 		デル data domain operating system デルのdata domain operating systemにおける権限管理に関する脆弱性 CWE-269
不適切な権限管理 		CVE-2026-35154 2026-04-30 11:03 2026-04-20 Show GitHub Exploit DB Packet Storm
1960 3.3
Local 		Uutils uutils coreutils Uutilsのuutils coreutilsにおける指定された機能の不適切な提供に関する脆弱性 CWE-684
指定された機能の不適切な提供 		CVE-2026-35379 2026-04-30 11:03 2026-04-22 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 12, 2026, 5:06 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
841 7.3 HIGH
Network 		- - PraisonAI is a multi-agent teams system. From version 2.5.6 to before version 4.6.34, PraisonAI ships a legacy Flask API server with authentication disabled by default. When that server is used, any … CWE-306
CWE-668
CWE-1188
Missing Authentication for Critical Function
 Exposure of Resource to Wrong Sphere
 Insecure Default Initialization of Resource 		CVE-2026-44338 2026-05-9 00:53 2026-05-8 Show GitHub Exploit DB Packet Storm
842 8.4 HIGH
Local 		- - PraisonAI is a multi-agent teams system. From version 4.5.139 to before version 4.6.32, CVE-2026-40287's fix gated tools.py auto-import behind PRAISONAI_ALLOW_LOCAL_TOOLS=true in two files (tool_reso… CWE-94
Code Injection 		CVE-2026-44334 2026-05-9 00:53 2026-05-8 Show GitHub Exploit DB Packet Storm
843 - - - PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default — praisonai.rules… CWE-20
CWE-22
CWE-94
CWE-829
CWE-913
 Improper Input Validation 
Path Traversal
Code Injection
 Inclusion of Functionality from Untrusted Control Sphere
 Improper Control of Dynamically-Managed Code Resources 		CVE-2026-44336 2026-05-9 00:53 2026-05-8 Show GitHub Exploit DB Packet Storm
844 8.6 HIGH
Network 		- - PraisonAI is a multi-agent teams system. Prior to praisonai version 4.6.37 and praisonaiagents version 1.6.37, praisonaiagents resolves unresolved tool names against module globals and __main__ after… CWE-470
Unsafe Reflection 		CVE-2026-44339 2026-05-9 00:53 2026-05-8 Show GitHub Exploit DB Packet Storm
845 - - - PraisonAI is a multi-agent teams system. Prior to version 4.6.37, the _safe_extractall helper that all recipe pull, recipe publish, and recipe unpack flows route through validates each archive member… CWE-22
CWE-59
Path Traversal
Link Following 		CVE-2026-44340 2026-05-9 00:53 2026-05-8 Show GitHub Exploit DB Packet Storm
846 - - - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templ… CWE-1336
 Improper Neutralization of Special Elements Used in a Template Engine 		CVE-2026-42203 2026-05-9 00:52 2026-05-8 Show GitHub Exploit DB Packet Storm
847 - - - LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST… CWE-77
CWE-78
Command Injection
OS Command  		CVE-2026-42271 2026-05-9 00:52 2026-05-8 Show GitHub Exploit DB Packet Storm
848 - - - A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on imp… CWE-290
CWE-807
 Authentication Bypass by Spoofing
 Reliance on Untrusted Inputs in a Security Decision 		CVE-2026-6213 2026-05-9 00:51 2026-05-8 Show GitHub Exploit DB Packet Storm
849 - - - Open redirection vulnerability in the latest demo version of the Cradle eCommerce platform. The vulnerability occurs in the login form endpoint, where the ‘returnUrl’ parameter allows redirection bec… CWE-601
Open Redirect 		CVE-2026-3318 2026-05-9 00:51 2026-05-8 Show GitHub Exploit DB Packet Storm
850 - - - Weak credentials in the CashDro 3 web administration panel, version 24.01.00.26, where the platform allows the use of numeric PINs for user authentication. The system supports the use of PIN-based cr… CWE-1391
 Use of Weak Credentials 		CVE-2026-8076 2026-05-9 00:51 2026-05-8 Show GitHub Exploit DB Packet Storm