Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 4, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2051	5.4	警告 Network	lfprojects	mlflow	lfprojectsのmlflowにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-33865	2026-04-21 10:43	2026-04-7	Show	GitHub Exploit DB Packet Storm

2052	4.3	警告 Network	lfprojects	mlflow	lfprojectsのmlflowにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2026-33866	2026-04-21 10:43	2026-04-7	Show	GitHub Exploit DB Packet Storm

2053	9.1	緊急 Network	Mervin Praison (MervinPraison)	PraisonAI	Mervin Praison (MervinPraison)のPraisonAIにおける信頼できない制御領域からの機能の組み込みに関する脆弱性	CWE-829 信頼性のない制御領域からの機能の組み込み	CVE-2026-40313	2026-04-21 10:43	2026-04-14	Show	GitHub Exploit DB Packet Storm

2054	6.5	警告 Network	PAC4J	pac4j	PAC4Jのpac4jにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2026-40458	2026-04-21 10:43	2026-04-17	Show	GitHub Exploit DB Packet Storm

2055	8.8	重要 Network	PAC4J	pac4j	PAC4Jのpac4jにおけるLDAP インジェクションの脆弱性	CWE-90 LDAP インジェクション	CVE-2026-40459	2026-04-21 10:43	2026-04-17	Show	GitHub Exploit DB Packet Storm

2056	7.8	重要 Local	Rubicon Communications, LLC (Netgate).	NETGATE Registry Cleaner	Rubicon Communications, LLC (Netgate).のNETGATE Registry Cleanerにおける引用されない検索パスまたは要素に関する脆弱性	CWE-428 引用されない検索パスまたは要素	CVE-2016-20057	2026-04-21 10:43	2026-04-4	Show	GitHub Exploit DB Packet Storm

2057	6.1	警告 Network	Thank You/Like System project	Thank You/Like System	MyBB GroupのThank You/Like Systemにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-25247	2026-04-21 10:43	2026-04-4	Show	GitHub Exploit DB Packet Storm

2058	6.1	警告 Network	MyBB Group	MyBB Last User's Threads	MyBB GroupのMyBB Last User's Threadsにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-25250	2026-04-21 10:43	2026-04-4	Show	GitHub Exploit DB Packet Storm

2059	5.5	警告 Local	AnyBurn	AnyBurn	AnyBurnにおける再利用前に削除されていないリソース内重要情報に関する脆弱性	CWE-226 再利用前に削除されていないリソース内重要情報	CVE-2019-25657	2026-04-21 10:43	2026-04-5	Show	GitHub Exploit DB Packet Storm

2060	5.5	警告 Local	Hainsoft.com	LanHelper	Hainsoft.comのLanHelperにおける境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2019-25660	2026-04-21 10:43	2026-04-5	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 5, 2026, 4:51 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
101	4.4	MEDIUM Local	-	-	An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via… Update	CWE-125 Out-of-bounds Read	CVE-2026-35233	2026-05-5 00:22	2026-05-2	Show	GitHub Exploit DB Packet Storm

102	4.9	MEDIUM Network	-	-	Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server … New	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-6948	2026-05-5 00:22	2026-05-4	Show	GitHub Exploit DB Packet Storm

103	7.5	HIGH Network	-	-	A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and … New	CWE-130 Improper Handling of Length Parameter Inconsistency	CVE-2026-33846	2026-05-5 00:22	2026-05-4	Show	GitHub Exploit DB Packet Storm

104	8.8	HIGH Local	-	-	A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may res… New	CWE-1386 Insecure Operation on Windows Junction / Mount Point	CVE-2025-58074	2026-05-5 00:22	2026-05-4	Show	GitHub Exploit DB Packet Storm

105	8.3	HIGH Network	-	-	A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on emai… New	CWE-305 Authentication Bypass by Primary Weakness	CVE-2026-6266	2026-05-5 00:22	2026-05-4	Show	GitHub Exploit DB Packet Storm

106	6.5	MEDIUM Network	-	-	An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the a… Update	CWE-158 Improper Neutralization of Null Byte or NUL Character	CVE-2026-23863	2026-05-5 00:21	2026-05-2	Show	GitHub Exploit DB Packet Storm

107	4.3	MEDIUM Network	-	-	Incomplete validation of AI rich response messages for Instagram Reels in WhatsApp for iOS v2.25.8.0 to v2.26.15.72 and WhatsApp for Android v2.25.8.0 to v2.26.7.10 could have allowed a user to trigg… Update	CWE-940 Improper Verification of Source of a Communication Channel	CVE-2026-23866	2026-05-5 00:21	2026-05-2	Show	GitHub Exploit DB Packet Storm

108	9.9	CRITICAL Network	-	-	An os command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted DDNS configuration can lead to arbitrary command execution. An… New	CWE-78 OS Command	CVE-2026-42364	2026-05-5 00:21	2026-05-4	Show	GitHub Exploit DB Packet Storm

109	8.6	HIGH Network	-	-	A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted series of HTTP requests can lead to an authentication bypas. … New	CWE-341 Predictable from Observable State	CVE-2026-42365	2026-05-5 00:21	2026-05-4	Show	GitHub Exploit DB Packet Storm

110	7.4	HIGH Network	-	-	Multiple reflected cross-site scripting (xss) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious url can lead to an ar… New	CWE-79 Cross-site Scripting	CVE-2026-42366	2026-05-5 00:21	2026-05-4	Show	GitHub Exploit DB Packet Storm