Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 19, 2026, 2 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2481	9.8	緊急 Network	Shenzhen Tenda Technology Co.,Ltd.	i9 ファームウェア	Shenzhen Tenda Technology Co.,Ltd.のi9 ファームウェアにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-7036	2026-05-1 10:41	2026-04-26	Show	GitHub Exploit DB Packet Storm

2482	7.3	重要 Network	D-Link Systems, Inc.	DIR-822 ファームウェア	D-Link CorporationのDIR-822 ファームウェアにおける複数の脆弱性	CWE-74 CWE-77	CVE-2026-7067	2026-05-1 10:41	2026-04-27	Show	GitHub Exploit DB Packet Storm

2483	8.8	重要 Adjacent	ディーリンクジャパン株式会社	dir-825 ファームウェア	D-Link CorporationのDIR-825 ファームウェアにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7068	2026-05-1 10:41	2026-04-27	Show	GitHub Exploit DB Packet Storm

2484	8	重要 Adjacent	ディーリンクジャパン株式会社	dir-825 ファームウェア	D-Link CorporationのDIR-825 ファームウェアにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7069	2026-05-1 10:41	2026-04-27	Show	GitHub Exploit DB Packet Storm

2485	6.1	警告 Local	Artifex Software	MuPDF	Artifex SoftwareのMuPDFにおける複数の脆弱性	CWE-119 CWE-125	CVE-2026-7233	2026-05-1 10:41	2026-04-28	Show	GitHub Exploit DB Packet Storm

2486	7.2	重要 Network	D-Link Systems, Inc.	di-8100 ファームウェア	D-Link Corporationのdi-8100 ファームウェアにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7247	2026-05-1 10:41	2026-04-28	Show	GitHub Exploit DB Packet Storm

2487	9.4	緊急 Network	D-Link Systems, Inc.	di-8100 ファームウェア	D-Link Corporationのdi-8100 ファームウェアにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7248	2026-05-1 10:41	2026-04-28	Show	GitHub Exploit DB Packet Storm

2488	8.8	重要 Network	D-Link Systems, Inc.	DIR-825M ファームウェア	D-Link CorporationのDIR-825M ファームウェアにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7288	2026-05-1 10:41	2026-04-28	Show	GitHub Exploit DB Packet Storm

2489	8.8	重要 Network	D-Link Systems, Inc.	DIR-825M ファームウェア	D-Link CorporationのDIR-825M ファームウェアにおける複数の脆弱性	CWE-119 CWE-120	CVE-2026-7289	2026-05-1 10:41	2026-04-28	Show	GitHub Exploit DB Packet Storm

2490	4.3	警告 Network	Google	Google Chrome	GoogleのGoogle Chromeにおける不変と仮定される Web パラメータの外部制御に関する脆弱性	CWE-472 不変と仮定される Web パラメータの外部制御	CVE-2026-7340	2026-05-1 10:41	2026-04-28	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 19, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1061	-		-	-	Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker with knowledge of the exposed URL to retrieve sensitive keys, potentially leading to loss of confidenti…	CWE-306 Missing Authentication for Critical Function	CVE-2025-62619	2026-05-15 00:53	2026-05-15	Show	GitHub Exploit DB Packet Storm

1062	-		-	-	Improper privilege management in the KVM key download component could allow an attacker to swap tokens and download sensitive keys, potentially resulting in unauthorized access to privileged resource…	CWE-269 Improper Privilege Management	CVE-2025-62625	2026-05-15 00:53	2026-05-15	Show	GitHub Exploit DB Packet Storm

1063	-		-	-	Unsafe OpenSSL initialization within some AMD optional tools may allow a local user-privileged attacker to inject a malicious DLL, potentially resulting in arbitrary code execution.	CWE-427 Uncontrolled Search Path Element	CVE-2025-62628	2026-05-15 00:53	2026-05-15	Show	GitHub Exploit DB Packet Storm

1064	5.5	MEDIUM Local	microsoft	windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2025	Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.	CWE-125 Out-of-bounds Read	CVE-2026-35419	2026-05-15 00:52	2026-05-13	Show	GitHub Exploit DB Packet Storm

1065	7.1	HIGH Local	m2team	nanazip	NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a stack-based out-of-bounds read exists in the ZealFS filesystem image parser in NanaZip. The vulnerability is triggered …	CWE-125 Out-of-bounds Read	CVE-2026-42446	2026-05-15 00:49	2026-05-13	Show	GitHub Exploit DB Packet Storm

1066	7.1	HIGH Network	m2team	nanazip	NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a one-byte heap out-of-bounds null write exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is …	CWE-787 Out-of-bounds Write	CVE-2026-44215	2026-05-15 00:48	2026-05-13	Show	GitHub Exploit DB Packet Storm

1067	8.8	HIGH Adjacent	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.	CWE-122 Heap-based Buffer Overflow	CVE-2026-34329	2026-05-15 00:43	2026-05-13	Show	GitHub Exploit DB Packet Storm

1068	7.5	HIGH Network	vllm	vllm	vLLM is an inference and serving engine for large language models (LLMs). From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, tex…	CWE-129 Improper Validation of Array Index	CVE-2026-44222	2026-05-15 00:38	2026-05-13	Show	GitHub Exploit DB Packet Storm

1069	10.0	CRITICAL Network	vm2_project	vm2	vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object, to escape the sandbox, one example would be usi…	CWE-94 Code Injection	CVE-2026-43997	2026-05-15 00:37	2026-05-14	Show	GitHub Exploit DB Packet Storm

1070	8.5	HIGH Network	vm2_project	vm2	vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the all…	CWE-59 Link Following	CVE-2026-43998	2026-05-15 00:36	2026-05-14	Show	GitHub Exploit DB Packet Storm