Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 18, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2301	7.5	重要 Network	Progress Software Corporation	Telerik UI for ASP.NET AJAX	Progress Software CorporationのTelerik UI for ASP.NET AJAXにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2026-6022	2026-05-7 10:51	2026-04-22	Show	GitHub Exploit DB Packet Storm

2302	9.8	緊急 Network	Progress Software Corporation	Telerik UI for ASP.NET AJAX	Progress Software CorporationのTelerik UI for ASP.NET AJAXにおける信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-6023	2026-05-7 10:51	2026-04-22	Show	GitHub Exploit DB Packet Storm

2303	2.7	低 Network	Tanium	Tanium Server	TaniumのTanium Serverにおける認証情報の不十分な保護に関する脆弱性	CWE-522 認証情報の不十分な保護	CVE-2026-6408	2026-05-7 10:51	2026-04-22	Show	GitHub Exploit DB Packet Storm

2304	5.5	警告 Local	Wireshark	Wireshark	WiresharkにおけるNULL ポインタデリファレンスに関する脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2026-6525	2026-05-7 10:51	2026-05-2	Show	GitHub Exploit DB Packet Storm

2305	7.5	重要 Network	TYPO3 Association	TYPO3	TYPO3 AssociationのTYPO3における重要な情報の平文保存に関する脆弱性	CWE-312 重要な情報の平文保存	CVE-2026-6553	2026-05-7 10:51	2026-04-21	Show	GitHub Exploit DB Packet Storm

2306	7.5	重要 Network	xmlsoft.org レッドハット	Red Hat Hardened Images Red Hat OpenShift Container Platform libxml2 Red Hat Enterprise Linux JBoss Core Services	レッドハット等の複数ベンダの製品における型の取り違えに関する脆弱性	CWE-843 型の取り違え	CVE-2026-6732	2026-05-7 10:50	2026-04-23	Show	GitHub Exploit DB Packet Storm

2307	7.5	重要 Network	Eclipse Foundation	Eclipse OpenJ9	Eclipse FoundationのEclipse OpenJ9における境界外読み取りに関する脆弱性	CWE-125 境界外読み取り	CVE-2026-6918	2026-05-7 10:50	2026-05-5	Show	GitHub Exploit DB Packet Storm

2308	-	-	IDrive Inc.	IDrive Cloud Backup Client for Windows	IDrive Cloud Backup Client for Windowsにおける権限昇格の脆弱性	-	CVE-2026-1995	2026-05-1 15:13	2026-04-30	Show	GitHub Exploit DB Packet Storm

2309	-	-	（複数のベンダ）	（複数の製品）	CISA ICS Advisory / ICS Medical Advisory（2026年04月28日）	-	-	2026-05-1 14:31	2026-04-30	Show	GitHub Exploit DB Packet Storm

2310	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	F456 Firmware	Shenzhen Tenda Technology Co.,Ltd.のF456 Firmwareにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7100	2026-05-1 10:49	2026-04-27	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1161	-		-	-	Rejected reason: REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2026-40520. Reason: This candidate is a duplicate of CVE-2026-40520. Notes: All CVE users should reference CVE-2026-40520 …	-	CVE-2026-41410	2026-05-14 04:17	2026-05-14	Show	GitHub Exploit DB Packet Storm

1162	6.5	MEDIUM Network	-	-	qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive dat…	CWE-89 SQL Injection	CVE-2026-37429	2026-05-14 04:17	2026-05-13	Show	GitHub Exploit DB Packet Storm

1163	6.5	MEDIUM Network	-	-	qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive dat…	CWE-89 SQL Injection	CVE-2026-37428	2026-05-14 04:17	2026-05-13	Show	GitHub Exploit DB Packet Storm

1164	9.8	CRITICAL Network	hitachi	virtual_storage_one_block vsp_g130_firmware vsp_g150_firmware vsp_g350_firmware vsp_g370_firmware vsp_g700_firmware vsp_g900_firmware vsp_f350_firmware vsp_f370_firmware vs…	Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Vi…	CWE-94 Code Injection	CVE-2025-1978	2026-05-14 04:15	2026-05-7	Show	GitHub Exploit DB Packet Storm

1165	5.3	MEDIUM Network	hitachi	virtual_storage_one_block vsp_g130_firmware vsp_g150_firmware vsp_g350_firmware vsp_g370_firmware vsp_g700_firmware vsp_g900_firmware vsp_f350_firmware vsp_f370_firmware vs…	Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platfor…	CWE-307 mproper Restriction of Excessive Authentication Attempts	CVE-2025-2514	2026-05-14 04:14	2026-05-7	Show	GitHub Exploit DB Packet Storm

1166	7.5	HIGH Network	haxx	curl	libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avo…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-5773	2026-05-14 04:13	2026-05-13	Show	GitHub Exploit DB Packet Storm

1167	6.5	MEDIUM Network	zulip	zulip_server	Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allo…	CWE-284 NVD-CWE-noinfo Improper Access Control	CVE-2026-40300	2026-05-14 03:58	2026-05-13	Show	GitHub Exploit DB Packet Storm

1168	7.5	HIGH Network	microsoft	.net	Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network.	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2026-42899	2026-05-14 03:39	2026-05-13	Show	GitHub Exploit DB Packet Storm

1169	9.1	CRITICAL Network	getgrav	grav	Grav is a file-based Web platform. Prior to 2.0.0-beta.2, there is a Path Traversal vulnerability within the FormFlash core component. By manipulating the session_id (passed as __form-flash-id in POS…	CWE-22 Path Traversal	CVE-2026-42608	2026-05-14 03:39	2026-05-12	Show	GitHub Exploit DB Packet Storm

1170	7.5	HIGH Network	microsoft	outlook	Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to perform tampering over a network.	CWE-77 Command Injection	CVE-2026-42893	2026-05-14 03:37	2026-05-13	Show	GitHub Exploit DB Packet Storm