Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 23, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2341 8.8 重要
Adjacent 		Quantum Networks QN-I-470 Firmware Quantum NetworksのQN-I-470 Firmwareにおける脆弱なパスワードの要求に関する脆弱性 CWE-521
脆弱なパスワードポリシー 		CVE-2026-41038 2026-05-8 12:11 2026-04-21 Show GitHub Exploit DB Packet Storm
2342 7.5 重要
Network 		Quantum Networks QN-I-470 Firmware Quantum NetworksのQN-I-470 Firmwareにおける重要な機能に対する認証の欠如に関する脆弱性 CWE-306
重要な機能に対する認証の欠如 解説 		CVE-2026-41039 2026-05-8 12:11 2026-04-21 Show GitHub Exploit DB Packet Storm
2343 8.8 重要
Adjacent 		D-Link Systems, Inc. DIR-605L ファームウェア D-Link CorporationのDIR-605L ファームウェアにおけるハードコードされた認証情報の使用に関する脆弱性 CWE-798
ハードコードされた認証情報の使用 		CVE-2026-42372 2026-05-8 12:11 2026-05-4 Show GitHub Exploit DB Packet Storm
2344 8.8 重要
Adjacent 		D-Link Systems, Inc. DIR-605L ファームウェア D-Link CorporationのDIR-605L ファームウェアにおけるハードコードされた認証情報の使用に関する脆弱性 CWE-798
ハードコードされた認証情報の使用 		CVE-2026-42373 2026-05-8 12:11 2026-05-4 Show GitHub Exploit DB Packet Storm
2345 8.8 重要
Adjacent 		D-Link Systems, Inc. DIR-600L ファームウェア D-Link CorporationのDIR-600L ファームウェアにおけるハードコードされた認証情報の使用に関する脆弱性 CWE-798
ハードコードされた認証情報の使用 		CVE-2026-42374 2026-05-8 12:11 2026-05-4 Show GitHub Exploit DB Packet Storm
2346 8.8 重要
Adjacent 		D-Link Systems, Inc. DIR-600L ファームウェア D-Link CorporationのDIR-600L ファームウェアにおけるハードコードされた認証情報の使用に関する脆弱性 CWE-798
ハードコードされた認証情報の使用 		CVE-2026-42375 2026-05-8 12:11 2026-05-4 Show GitHub Exploit DB Packet Storm
2347 9.8 緊急
Network 		MIYAGAWA (Tatsuhiko Miyagawa) Plack::Middleware::Session::Cookie MIYAGAWA (Tatsuhiko Miyagawa)のPlack::Middleware::Session::Cookieにおける検証および完全性チェックを行っていない Cookie への依存に関する脆弱性 CWE-565
検証および完全性チェックを行っていない Cookie への依存 		CVE-2014-125112 2026-05-8 12:11 2026-03-26 Show GitHub Exploit DB Packet Storm
2348 7.5 重要
Network 		Lobster DATA GmbH Lobster_pro Lobster DATA GmbHのLobster_proにおけるXML 外部エンティティの脆弱性 CWE-611
XML 外部エンティティ参照の不適切な制限 		CVE-2024-13971 2026-05-8 12:11 2026-04-30 Show GitHub Exploit DB Packet Storm
2349 9.8 緊急
Network 		D-Link Systems, Inc. DIR-1253 Firmware D-Link CorporationのDIR-1253 Firmwareにおける権限管理に関する脆弱性 CWE-269
不適切な権限管理 		CVE-2025-29165 2026-05-8 12:11 2026-03-5 Show GitHub Exploit DB Packet Storm
2350 4.4 警告
Local 		IBM Planning Analytics Advanced Certified Containers IBMのPlanning Analytics Advanced Certified Containersにおける複数の脆弱性 CWE-312
CWE-526
CVE-2025-36105 2026-05-8 12:11 2026-03-10 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 23, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1581 9.6 CRITICAL
Network 		- - soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app… CWE-20
CWE-79
CWE-94
CWE-862
 Improper Input Validation 
Cross-site Scripting
Code Injection
 Missing Authorization 		CVE-2026-44482 2026-05-15 03:19 2026-05-15 Show GitHub Exploit DB Packet Storm
1582 7.4 HIGH
Network 		- - Katalyst Koi is a framework for building Rails admin functionality. Prior to 4.20.0 and 5.6.0, admin session cookies were not invalidated when an admin user logged out. An attacker with access to a v… CWE-613
 Insufficient Session Expiration 		CVE-2026-44511 2026-05-15 03:19 2026-05-15 Show GitHub Exploit DB Packet Storm
1583 8.8 HIGH
Network 		arubanetworks arubaos
sd-wan 		Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… CWE-77
Command Injection 		CVE-2026-44867 2026-05-15 03:19 2026-05-13 Show GitHub Exploit DB Packet Storm
1584 6.5 MEDIUM
Network 		open5gs open5gs A security vulnerability has been detected in Open5GS up to 2.7.7. The affected element is the function yuarel_parse in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argu… CWE-404
 Improper Resource Shutdown or Release 		CVE-2026-8292 2026-05-15 03:19 2026-05-12 Show GitHub Exploit DB Packet Storm
1585 6.5 MEDIUM
Network 		open5gs open5gs A weakness has been identified in Open5GS up to 2.7.7. Impacted is the function ogs_nnrf_nfm_handle_nf_profile of the file lib/sbi/nnrf-handler.c of the component NRF. This manipulation causes denial… CWE-404
 Improper Resource Shutdown or Release 		CVE-2026-8291 2026-05-15 03:19 2026-05-12 Show GitHub Exploit DB Packet Storm
1586 8.8 HIGH
Network 		arubanetworks arubaos
sd-wan 		Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remo… CWE-77
Command Injection 		CVE-2026-44868 2026-05-15 03:17 2026-05-13 Show GitHub Exploit DB Packet Storm
1587 8.1 HIGH
Network 		- - azureauthextension is the Azure Authenticator Extension. From 0.124.0 to 0.150.0, a server-side authentication bypass in azureauthextension allows any party who holds a single valid Azure access toke… CWE-208
CWE-287
CWE-290
CWE-294
CWE-347
 Information Exposure Through Timing Discrepancy
Improper Authentication
 Authentication Bypass by Spoofing
Authentication Bypass by Capture-replay 
 Improper Verification of Cryptographic Signature 		CVE-2026-42602 2026-05-15 03:17 2026-05-14 Show GitHub Exploit DB Packet Storm
1588 - - - The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix he… CWE-22
CWE-601
Path Traversal
Open Redirect 		CVE-2026-44437 2026-05-15 03:17 2026-05-14 Show GitHub Exploit DB Packet Storm
1589 - - - PlaywrightCapture is a simple replacement for splash using playwright. Prior to 1.39.6, PlaywrightCapture did not sufficiently restrict navigations and resource requests initiated by rendered pages. … CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-44439 2026-05-15 03:17 2026-05-14 Show GitHub Exploit DB Packet Storm
1590 4.3 MEDIUM
Network 		- - Backstage is an open framework for building developer portals. Prior to 0.6.11, the unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permissi… CWE-863
 Incorrect Authorization 		CVE-2026-44374 2026-05-15 03:17 2026-05-15 Show GitHub Exploit DB Packet Storm