Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 20, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
231491 10 危険 website designs for less - Website Designs For Less Click N' Print Coupons の coupon_detail.asp における SQL インジェクションの脆弱性 - CVE-2006-6859 2012-12-20 18:02 2006-12-31 Show GitHub Exploit DB Packet Storm
231492 7.5 危険 webtext - WebText CMS における wt/users/ 配下のスクリプトへ任意の PHP コードを挿入される脆弱性 - CVE-2006-6856 2012-12-20 18:02 2006-12-31 Show GitHub Exploit DB Packet Storm
231493 7.5 危険 shadowed works - Shadowed Portal の include.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-6850 2012-12-20 18:02 2006-12-31 Show GitHub Exploit DB Packet Storm
231494 5 警告 リアルネットワークス - RealNetworks RealPlayer の ierpplug.dll におけるサービス運用妨害 (DoS) の脆弱性 - CVE-2006-6847 2012-12-20 18:02 2006-12-31 Show GitHub Exploit DB Packet Storm
231495 10 危険 phpBB - phpBB の特定のフォームにおける脆弱性 - CVE-2006-6841 2012-12-20 18:02 2006-12-31 Show GitHub Exploit DB Packet Storm
231496 10 危険 phpBB - phpBB における脆弱性 - CVE-2006-6840 2012-12-20 18:02 2006-12-31 Show GitHub Exploit DB Packet Storm
231497 10 危険 phpBB - phpBB における脆弱性 - CVE-2006-6839 2012-12-20 18:02 2006-12-31 Show GitHub Exploit DB Packet Storm
231498 7.5 危険 rediff - Rediff Bol Downloader OCX コントロールにおける重要な情報 (ユーザ名およびパス名) を取得される脆弱性 - CVE-2006-6838 2012-12-20 18:02 2006-12-31 Show GitHub Exploit DB Packet Storm
231499 6.8 警告 sergey oblomov - Total Commander 用の ISO プラグインの LoadTree などの関数におけるスタックベースのバッファオーバーフローの脆弱性 - CVE-2006-6837 2012-12-20 18:02 2006-12-31 Show GitHub Exploit DB Packet Storm
231500 7.5 危険 yrch - Yrch! の plugins/metasearch/plug.inc.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-6823 2012-12-20 18:02 2006-12-29 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 20, 2026, 4:14 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
661 5.5 MEDIUM
Local 		microsoft teams Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally. Update CWE-552
 Files or Directories Accessible to External Parties 		CVE-2026-32185 2026-05-18 22:33 2026-05-13 Show GitHub Exploit DB Packet Storm
662 4.3 MEDIUM
Network 		microsoft edge_chromium User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. Update CWE-451
 User Interface (UI) Misrepresentation of Critical Information 		CVE-2026-40416 2026-05-18 22:26 2026-05-13 Show GitHub Exploit DB Packet Storm
663 7.5 HIGH
Network 		- - A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS pa… New CWE-475
 Undefined Behavior for Input to API 		CVE-2026-42009 2026-05-18 22:16 2026-05-18 Show GitHub Exploit DB Packet Storm
664 9.8 CRITICAL
Network 		netty netty Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpObjectDecoder strips a conflicting Content-Length header when a request carries both… Update CWE-444
HTTP Request Smuggling 		CVE-2026-42581 2026-05-18 22:14 2026-05-14 Show GitHub Exploit DB Packet Storm
665 9.8 CRITICAL
Network 		espressif arduino-esp32 arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, the WebServer multipart form parser in arduino-esp32 allocates a … Update CWE-121
Stack-based Buffer Overflow 		CVE-2026-42854 2026-05-18 22:09 2026-05-13 Show GitHub Exploit DB Packet Storm
666 8.8 HIGH
Network 		mongodb mongodb An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issu… Update CWE-787
 Out-of-bounds Write 		CVE-2026-8053 2026-05-18 22:06 2026-05-13 Show GitHub Exploit DB Packet Storm
667 7.5 HIGH
Network 		thecodingmachine gotenberg Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handle… Update CWE-362
Race Condition 		CVE-2026-42594 2026-05-18 22:02 2026-05-15 Show GitHub Exploit DB Packet Storm
668 8.2 HIGH
Network 		thecodingmachine gotenberg Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames t… Update CWE-73
CWE-184
 External Control of File Name or Path
 Incomplete Blacklist 		CVE-2026-40893 2026-05-18 22:02 2026-05-15 Show GitHub Exploit DB Packet Storm
669 8.2 HIGH
Network 		thecodingmachine gotenberg Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint (/forms/libreoffice/convert) passes uploaded documents directly to LibreOffice without … Update CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42591 2026-05-18 22:02 2026-05-15 Show GitHub Exploit DB Packet Storm
670 5.9 MEDIUM
Network 		thecodingmachine gotenberg Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the /forms/chromium/convert/url and /forms/chromium/screenshot/url routes accept url=file:///tmp/... from anonymous callers… Update CWE-73
CWE-918
 External Control of File Name or Path
Server-Side Request Forgery (SSRF)  		CVE-2026-42597 2026-05-18 22:02 2026-05-15 Show GitHub Exploit DB Packet Storm