Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 6, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2031	6.5	警告 Network	Mervin Praison (MervinPraison)	PraisonAI	Mervin Praison (MervinPraison)のPraisonAIにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-40160	2026-04-21 10:44	2026-04-10	Show	GitHub Exploit DB Packet Storm

2032	8.1	重要 Network	b3log	SiYuan	B3logのSiYuanにおける認可に関する脆弱性	CWE-285 不適切な認可	CVE-2026-40259	2026-04-21 10:44	2026-04-16	Show	GitHub Exploit DB Packet Storm

2033	8.4	重要 Local	Mervin Praison (MervinPraison)	PraisonAI	Mervin Praison (MervinPraison)のPraisonAI等の複数製品における複数の脆弱性	CWE-426 CWE-94	CVE-2026-40287	2026-04-21 10:44	2026-04-14	Show	GitHub Exploit DB Packet Storm

2034	9.8	緊急 Network	Mervin Praison (MervinPraison)	PraisonAI	Mervin Praison (MervinPraison)のPraisonAI等の複数製品における複数の脆弱性	CWE-78 CWE-94	CVE-2026-40288	2026-04-21 10:44	2026-04-14	Show	GitHub Exploit DB Packet Storm

2035	9.1	緊急 Network	Mervin Praison (MervinPraison)	PraisonAI	Mervin Praison (MervinPraison)のPraisonAI等の複数製品における重要な機能に対する認証の欠如に関する脆弱性	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-40289	2026-04-21 10:44	2026-04-14	Show	GitHub Exploit DB Packet Storm

2036	9.8	緊急 Network	Mervin Praison (MervinPraison)	PraisonAI	Mervin Praison (MervinPraison)のPraisonAIにおけるSQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2026-40315	2026-04-21 10:44	2026-04-14	Show	GitHub Exploit DB Packet Storm

2037	8.5	重要 Network	b3log	SiYuan	B3logのSiYuanにおけるパストラバーサルの脆弱性	CWE-24 パストラバーサル (../filedir)	CVE-2026-40318	2026-04-21 10:44	2026-04-16	Show	GitHub Exploit DB Packet Storm

2038	9	緊急 Network	b3log	SiYuan	B3logのSiYuanにおける複数の脆弱性	CWE-79 CWE-94	CVE-2026-40322	2026-04-21 10:44	2026-04-16	Show	GitHub Exploit DB Packet Storm

2039	7.2	重要 Network	フォーティネット	Fortiweb	フォーティネットのFortiwebにおける境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2026-40688	2026-04-21 10:44	2026-04-14	Show	GitHub Exploit DB Packet Storm

2040	6.5	警告 Network	DataEase	DataEase	DataEaseにおける許容された入力値の許可リストに関する脆弱性	CWE-183 許容された入力値の許可リスト	CVE-2026-40899	2026-04-21 10:44	2026-04-16	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 6, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
341	6.5	MEDIUM Local	-	-	Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified. New	CWE-120 Classic Buffer Overflow	CVE-2025-47404	2026-05-5 02:16	2026-05-5	Show	GitHub Exploit DB Packet Storm

342	6.5	MEDIUM Adjacent	-	-	Transient DOS when processing a malformed Fast Transition response frame with an invalid header structure during wireless roaming. New	CWE-126 Buffer Over-read	CVE-2025-47403	2026-05-5 02:16	2026-05-5	Show	GitHub Exploit DB Packet Storm

343	6.5	MEDIUM Adjacent	-	-	Transient DOS when processing target power rate tables during channel configuration. New	CWE-126 Buffer Over-read	CVE-2025-47401	2026-05-5 02:16	2026-05-5	Show	GitHub Exploit DB Packet Storm

344	7.5	HIGH Network	xwiki	cryptpad	CryptPad 2025.3.1 allows unbounded WebSocket frame flood. A remote, unauthenticated attacker can significantly degrade or deny service for all users of a CryptPad instance. Fixed in 2026.2.2. Update	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2025-51846	2026-05-5 01:52	2026-05-1	Show	GitHub Exploit DB Packet Storm

345	8.8	HIGH Network	progress	moveit_automation	Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before … Update	CWE-20 Improper Input Validation	CVE-2026-5174	2026-05-5 01:47	2026-05-1	Show	GitHub Exploit DB Packet Storm

346	6.5	MEDIUM Network	-	-	An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components New	CWE-125 Out-of-bounds Read	CVE-2025-70072	2026-05-5 01:16	2026-05-5	Show	GitHub Exploit DB Packet Storm

347	6.5	MEDIUM Network	-	-	An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry() New	CWE-476 NULL Pointer Dereference	CVE-2025-70070	2026-05-5 01:16	2026-05-5	Show	GitHub Exploit DB Packet Storm

348	6.5	MEDIUM Network	-	-	During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability ex… New	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-5337	2026-05-5 00:23	2026-05-3	Show	GitHub Exploit DB Packet Storm

349	5.3	MEDIUM Network	-	-	The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information. New	CWE-552 Files or Directories Accessible to External Parties	CVE-2026-5335	2026-05-5 00:23	2026-05-4	Show	GitHub Exploit DB Packet Storm

350	4.9	MEDIUM Network	-	-	Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server … New	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-6948	2026-05-5 00:22	2026-05-4	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed