Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 17, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2201	9.1	緊急 Network	マイクロソフト	ASP.NET Core	ASP.NET Core Elevation of Privilege Vulnerability	CWE-347 デジタル署名の不適切な検証	CVE-2026-40372	2026-04-30 12:28	2026-04-21	Show	GitHub Exploit DB Packet Storm

2202	5.4	警告 Network	Kimai project	kimai	Kimai projectのKimaiにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-40479	2026-04-30 12:28	2026-04-17	Show	GitHub Exploit DB Packet Storm

2203	4.3	警告 Network	Kimai project	kimai	Kimai projectのKimaiにおける動的に決定されたオブジェクト属性の不適切に制御された変更に関する脆弱性	CWE-915 動的に決定されたオブジェクト属性の不適切に制御された変更	CVE-2026-40486	2026-04-30 12:28	2026-04-17	Show	GitHub Exploit DB Packet Storm

2204	6.8	警告 Network	oauth2_proxy project	oauth2_proxy	oauth2_proxy projectのoauth2_proxyにおける不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2026-40574	2026-04-30 12:28	2026-04-21	Show	GitHub Exploit DB Packet Storm

2205	9.1	緊急 Network	oauth2_proxy project	oauth2_proxy	oauth2_proxy projectのoauth2_proxyにおけるスプーフィングによる認証回避に関する脆弱性	CWE-290 スプーフィングによる認証回避	CVE-2026-40575	2026-04-30 12:28	2026-04-22	Show	GitHub Exploit DB Packet Storm

2206	4.8	警告 Network	pyLoad-ng project	pyLoad-ng	pyLoad-ng projectのpyLoad-ngにおける同一生成元ポリシー違反に関する脆弱性	CWE-346 同一生成元ポリシー違反	CVE-2026-40594	2026-04-30 12:28	2026-04-21	Show	GitHub Exploit DB Packet Storm

2207	8.1	重要 Network	The Kyverno Authors	Kyverno	The Kyverno AuthorsのKyvernoにおける重要な情報のセキュアでない格納に関する脆弱性	CWE-922 重要な情報のセキュアでない格納	CVE-2026-40868	2026-04-30 12:28	2026-04-21	Show	GitHub Exploit DB Packet Storm

2208	8.1	重要 Network	goshs	goshs	goshsにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2026-40883	2026-04-30 12:28	2026-04-21	Show	GitHub Exploit DB Packet Storm

2209	9.8	緊急 Network	goshs	goshs	goshsにおける重要な機能に対する認証の欠如に関する脆弱性	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-40884	2026-04-30 12:28	2026-04-21	Show	GitHub Exploit DB Packet Storm

2210	8.8	重要 Network	goshs	goshs	goshsにおける情報漏えいに関する脆弱性	CWE-200 CWE-noinfo	CVE-2026-40885	2026-04-30 12:28	2026-04-21	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
313421	5.5	MEDIUM Local	nvidia	cuda_toolkit	NVIDIA CUDA Toolkit for all platforms contains a vulnerability in nvdisasm, where an attacker can cause an out-of-bounds read issue by deceiving a user into reading a malformed ELF file. A successful…	CWE-125 Out-of-bounds Read	CVE-2024-0102	2024-09-17 04:37	2024-08-9	Show	GitHub Exploit DB Packet Storm

313422	8.8	HIGH Local	nvidia	jetson_linux	NVIDIA Jetson Linux contains a vulnerability in NvGPU where error handling paths in GPU MMU mapping code fail to clean up a failed mapping attempt. A successful exploit of this vulnerability may lead…	CWE-755 Improper Handling of Exceptional Conditions	CVE-2024-0108	2024-09-17 04:27	2024-08-9	Show	GitHub Exploit DB Packet Storm

313423	7.5	HIGH Network	nvidia	mlnx-os mlnx-gw onyx nvda-os_xc	NVIDIA Mellanox OS, ONYX, Skyway, MetroX-2 and MetroX-3 XC contain a vulnerability in ipfilter, where improper ipfilter definitions could enable an attacker to cause a failure by attacking the switch…	NVD-CWE-Other	CVE-2024-0101	2024-09-17 04:24	2024-08-9	Show	GitHub Exploit DB Packet Storm

313424	8.8	HIGH Network	solarwinds	access_rights_manager	SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, r…	NVD-CWE-noinfo	CVE-2024-28991	2024-09-17 03:06	2024-09-12	Show	GitHub Exploit DB Packet Storm

313425	9.8	CRITICAL Network	solarwinds	access_rights_manager	SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management…	CWE-798 Use of Hard-coded Credentials	CVE-2024-28990	2024-09-17 03:05	2024-09-12	Show	GitHub Exploit DB Packet Storm

313426	5.4	MEDIUM Network	mindsdb	mindsdb	A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, o…	CWE-79 Cross-site Scripting	CVE-2024-45856	2024-09-17 03:04	2024-09-12	Show	GitHub Exploit DB Packet Storm

313427	7.5	HIGH Network	mindsdb	mindsdb	Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘fi…	CWE-502 Deserialization of Untrusted Data	CVE-2024-45855	2024-09-17 03:03	2024-09-12	Show	GitHub Exploit DB Packet Storm

313428	7.5	HIGH Network	mindsdb	mindsdb	Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘descri…	CWE-502 Deserialization of Untrusted Data	CVE-2024-45854	2024-09-17 03:02	2024-09-12	Show	GitHub Exploit DB Packet Storm

313429	7.5	HIGH Network	mindsdb	mindsdb	Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for …	CWE-502 Deserialization of Untrusted Data	CVE-2024-45853	2024-09-17 02:59	2024-09-12	Show	GitHub Exploit DB Packet Storm

313430	8.8	HIGH Network	mindsdb	mindsdb	Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.	CWE-502 Deserialization of Untrusted Data	CVE-2024-45852	2024-09-17 02:51	2024-09-12	Show	GitHub Exploit DB Packet Storm