Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 23, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
241	8.4	重要 Local	マイクロソフト	Microsoft 365 Apps Microsoft Office Office Long Term Servicing Channel (LTSC)	Microsoft Office のリモートコードが実行される脆弱性 New	CWE-416 解放済みメモリの使用	CVE-2026-40358	2026-05-21 10:52	2026-05-12	Show	GitHub Exploit DB Packet Storm

242	7.8	重要 Local	マイクロソフト	Microsoft Office Online Server Microsoft Excel Microsoft Office Office Long Term Servicing Channel (LTSC) Microsoft 365 Apps	Microsoft Excel のリモートでコードが実行される脆弱性 New	CWE-416 解放済みメモリの使用	CVE-2026-40359	2026-05-21 10:52	2026-05-12	Show	GitHub Exploit DB Packet Storm

243	7.8	重要 Local	マイクロソフト	Microsoft Office Online Server Microsoft Excel Microsoft Office Office Long Term Servicing Channel (LTSC) Microsoft 365 Apps	Microsoft Excel の情報漏えいの脆弱性 New	CWE-125 境界外読み取り	CVE-2026-40360	2026-05-21 10:52	2026-05-12	Show	GitHub Exploit DB Packet Storm

244	8.4	重要 Local	マイクロソフト	Microsoft 365 Apps Microsoft Office Microsoft Word Office Long Term Servicing Channel (LTSC)	Microsoft Word のリモートでコードが実行される脆弱性 New	CWE-416 解放済みメモリの使用	CVE-2026-40361	2026-05-21 10:52	2026-05-12	Show	GitHub Exploit DB Packet Storm

245	7.8	重要 Local	マイクロソフト	Microsoft Office Online Server Microsoft Excel Microsoft Office Office Long Term Servicing Channel (LTSC) Microsoft 365 Apps	Microsoft Excel のリモートでコードが実行される脆弱性 New	CWE-122 ヒープオーバーフロー	CVE-2026-40362	2026-05-21 10:52	2026-05-12	Show	GitHub Exploit DB Packet Storm

246	8.4	重要 Local	マイクロソフト	Microsoft 365 Apps Microsoft Office Office Long Term Servicing Channel (LTSC)	Microsoft Office のリモートコードが実行される脆弱性 New	CWE-122 ヒープオーバーフロー	CVE-2026-40363	2026-05-21 10:52	2026-05-12	Show	GitHub Exploit DB Packet Storm

247	8.4	重要 Local	マイクロソフト	Microsoft 365 Apps Microsoft Office Microsoft Word Office Long Term Servicing Channel (LTSC)	Microsoft Word のリモートでコードが実行される脆弱性 New	CWE-122 CWE-843 CWE-908	CVE-2026-40364	2026-05-21 10:52	2026-05-12	Show	GitHub Exploit DB Packet Storm

248	8.4	重要 Local	マイクロソフト	Microsoft 365 Apps Microsoft Office Microsoft Word Office Long Term Servicing Channel (LTSC)	Microsoft Word のリモートでコードが実行される脆弱性 New	CWE-416 解放済みメモリの使用	CVE-2026-40366	2026-05-21 10:52	2026-05-12	Show	GitHub Exploit DB Packet Storm

249	8.4	重要 Local	マイクロソフト	Microsoft Office Office Long Term Servicing Channel (LTSC) Microsoft 365 Apps Microsoft SharePoint Server Microsoft Word	Microsoft Word のリモートでコードが実行される脆弱性 New	CWE-822 信頼性のないポインタデリファレンス	CVE-2026-40367	2026-05-21 10:52	2026-05-12	Show	GitHub Exploit DB Packet Storm

250	7.8	重要 Local	マイクロソフト	Microsoft 365 Apps Microsoft Office Office Long Term Servicing Channel (LTSC)	Microsoft Office クイック実行の特権の昇格の脆弱性 New	CWE-416 解放済みメモリの使用	CVE-2026-40418	2026-05-21 10:52	2026-05-12	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 24, 2026, 4:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
311591	6.1	MEDIUM Network	microchip	timeprovider_4100_firmware	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip TimeProvider 4100 (data plot modules) allows Reflected XSS.This issue affects Ti…	CWE-79 Cross-site Scripting	CVE-2024-43686	2024-10-17 04:20	2024-10-5	Show	GitHub Exploit DB Packet Storm

311592	8.2	HIGH Network	cacti	cacti	Cacti is an open source performance and fault management framework. The`consolenewsection` parameter is not properly sanitized when saving external links in links.php . Morever, the said consolenewse…	CWE-79 Cross-site Scripting	CVE-2024-43365	2024-10-17 04:15	2024-10-8	Show	GitHub Exploit DB Packet Storm

311593	8.8	HIGH Network	phpoffice	phpspreadsheet	PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images h…	CWE-22 CWE-918 Path Traversal Server-Side Request Forgery (SSRF)	CVE-2024-45291	2024-10-17 04:09	2024-10-8	Show	GitHub Exploit DB Packet Storm

311594	5.3	MEDIUM Network	php-fpm	php-fpm	In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being proce…	NVD-CWE-noinfo	CVE-2024-8925	2024-10-17 03:53	2024-10-8	Show	GitHub Exploit DB Packet Storm

311595	-		-	-	SQL Injection vulnerability in OpenHIS v.1.0 allows an attacker to execute arbitrary code via the refund function in the PayController.class.php component.	-	CVE-2024-46532	2024-10-17 03:35	2024-10-12	Show	GitHub Exploit DB Packet Storm

311596	8.8	HIGH Network	php-fpm	php-fpm	In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/a…	CWE-78 OS Command	CVE-2024-8926	2024-10-17 03:35	2024-10-8	Show	GitHub Exploit DB Packet Storm

311597	3.3	LOW Local	php-fpm	php-fpm	In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using PHP-FPM SAPI and it is configured to catch workers output through catch_workers_output = yes, it may be possi…	NVD-CWE-Other	CVE-2024-9026	2024-10-17 03:30	2024-10-8	Show	GitHub Exploit DB Packet Storm

311598	7.5	HIGH Network	php-fpm	php-fpm	In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or not CGI binary is being run by the HTTP server. However, in ce…	NVD-CWE-noinfo	CVE-2024-8927	2024-10-17 03:28	2024-10-8	Show	GitHub Exploit DB Packet Storm

311599	8.2	HIGH Network	qualcomm	wsa8845h_firmware wsa8845_firmware wsa8840_firmware wsa8835_firmware wsa8832_firmware wsa8830_firmware wcd9395_firmware wcd9390_firmware wcd9385_firmware wcd9380_firmware	Information disclosure while parsing the BSS parameter change count or MLD capabilities fields of the ML IE.	CWE-125 Out-of-bounds Read	CVE-2024-33073	2024-10-17 03:25	2024-10-7	Show	GitHub Exploit DB Packet Storm

311600	7.5	HIGH Network	qualcomm	snapdragon_8\+_gen_2_mobile_platform_firmware wsa8845h_firmware wsa8845_firmware wsa8840_firmware wsa8835_firmware wsa8832_firmware wsa8830_firmware wcd9395_firmware wcd9390_f…	Transient DOS while parsing probe response and assoc response frame.	CWE-125 Out-of-bounds Read	CVE-2024-38397	2024-10-17 03:23	2024-10-7	Show	GitHub Exploit DB Packet Storm