Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 29, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
257421	10	危険	マイクロソフト	-	Microsoft Windows の License Logging Server (llssrv.exe) における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2009-2523	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

257422	9.3	危険	マイクロソフト	-	Microsoft Windows の Web Services on Devices API (WSDAPI) における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2512	2010-01-4 15:23	2009-11-10	Show	GitHub Exploit DB Packet Storm

257423	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2722	2010-01-4 14:56	2009-08-10	Show	GitHub Exploit DB Packet Storm

257424	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2723	2010-01-4 14:55	2009-08-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 30, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
721	7.8	HIGH Local	-	-	A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker ca… New	CWE-787 Out-of-bounds Write	CVE-2026-48864	2026-05-28 23:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

722	-		-	-	RELATE is a web-based courseware package. Prior to commit d66ba5659b459bf1ba56b7109b5f9ecf197cbefb, RELATE LMS configures its Celery workers to accept and deserialize untrusted 'pickle' data. An atta… New	CWE-502 Deserialization of Untrusted Data	CVE-2026-47161	2026-05-28 23:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

723	7.7	HIGH Network	-	-	Budibase is an open-source low-code platform. Prior to 3.38.1, the REST datasource integration (packages/server/src/integrations/rest.ts) follows HTTP redirects without re-checking the IP blacklist, … New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-45715	2026-05-28 23:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

724	7.8	HIGH Local	-	-	uniget is a universal installer and updater for (container) tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files u… New	CWE-78 OS Command	CVE-2026-45152	2026-05-28 23:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

725	10.0	CRITICAL Network	-	-	Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode (dalfox server), the server binds to 0.0.0.0:6664 by de… New	CWE-15 CWE-78 CWE-306 External Control of System or Configuration Setting OS Command Missing Authentication for Critical Function	CVE-2026-45087	2026-05-28 23:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

726	5.0	MEDIUM Network	-	-	Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ${{ github.event.pull_request.title }} directly inside double-quoted bash strings in four separate … New	CWE-78 CWE-1336 OS Command Improper Neutralization of Special Elements Used in a Template Engine	CVE-2026-44723	2026-05-28 23:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

727	7.9	HIGH Local	-	-	pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption… New	CWE-59 CWE-287 Link Following Improper Authentication	CVE-2026-44711	2026-05-28 23:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

728	7.5	HIGH Network	-	-	Kysely is a type-safe TypeScript SQL query builder. From 0.26.0 to 0.28.16, DefaultQueryCompiler.visitJSONPathLeg does not escape JSON-path metacharacters (., [, ], , *, ?). When attacker-controlle… New	CWE-22 CWE-89 CWE-915 CWE-1284 Path Traversal SQL Injection Improperly Controlled Modification of Dynamically-Determined Object Attributes Improper Validation of Specified Quantity in Input	CVE-2026-44635	2026-05-28 23:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

729	7.5	HIGH Network	archive\	\	Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. _make_special_file() passes the tar header's linkname to link() without va… New	CWE-59 CWE-732 Link Following Incorrect Permission Assignment for Critical Resource	CVE-2026-42497	2026-05-28 23:16	2026-05-26	Show	GitHub Exploit DB Packet Storm

730	9.1	CRITICAL Network	archive\	\	Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() with… New	CWE-59 Link Following	CVE-2026-42496	2026-05-28 23:16	2026-05-26	Show	GitHub Exploit DB Packet Storm