Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 10, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2581 5.3 警告
Network 		The Go Project tiff The Go Projectのtiffにおける危険なタイプのファイルの無制限アップロードに関する脆弱性 CWE-434
危険なタイプのファイルの無制限アップロード 		CVE-2026-33809 2026-04-23 10:12 2026-03-25 Show GitHub Exploit DB Packet Storm
2582 5.5 警告
Local 		jqlang jq jqlangのjqにおける再帰制御に関する脆弱性 CWE-674
不適切な再帰制御 		CVE-2026-33947 2026-04-23 10:12 2026-04-13 Show GitHub Exploit DB Packet Storm
2583 5.3 警告
Network 		jqlang jq jqlangのjqにおける複数の脆弱性 CWE-170
CWE-20
CVE-2026-33948 2026-04-23 10:12 2026-04-14 Show GitHub Exploit DB Packet Storm
2584 4.3 警告
Network 		openwebui open webui openwebuiのopen webuiにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2026-34225 2026-04-23 10:12 2026-04-14 Show GitHub Exploit DB Packet Storm
2585 7.7 重要
Network 		Weblate Weblate Weblateにおける複数の脆弱性 CWE-200
CWE-22
CWE-59
CVE-2026-34242 2026-04-23 10:12 2026-04-15 Show GitHub Exploit DB Packet Storm
2586 5 警告
Network 		Weblate Weblate Weblateにおける複数の脆弱性 CWE-200
CWE-918
CVE-2026-34244 2026-04-23 10:12 2026-04-15 Show GitHub Exploit DB Packet Storm
2587 8.8 重要
Network 		Weblate Weblate Weblateにおける権限管理に関する脆弱性 CWE-269
不適切な権限管理 		CVE-2026-34393 2026-04-23 10:12 2026-04-15 Show GitHub Exploit DB Packet Storm
2588 6.5 警告
Network 		McGill University LORIS (Longitudinal Online Research and Imaging System) McGill UniversityのLORIS (Longitudinal Online Research and Imaging System)におけるユーザ制御の鍵による認証回避に関する脆弱性 CWE-639
ユーザ制御の鍵による認証回避 		CVE-2026-34985 2026-04-23 10:12 2026-04-8 Show GitHub Exploit DB Packet Storm
2589 6.5 警告
Network 		McGill University LORIS (Longitudinal Online Research and Imaging System) McGill UniversityのLORIS (Longitudinal Online Research and Imaging System)におけるユーザ制御の鍵による認証回避に関する脆弱性 CWE-639
ユーザ制御の鍵による認証回避 		CVE-2026-35165 2026-04-23 10:12 2026-04-8 Show GitHub Exploit DB Packet Storm
2590 5.4 警告
Network 		McGill University LORIS (Longitudinal Online Research and Imaging System) McGill UniversityのLORIS (Longitudinal Online Research and Imaging System)における複数の脆弱性 CWE-552
CWE-79
CWE-79
CVE-2026-35169 2026-04-23 10:12 2026-04-8 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 11, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
181 7.2 HIGH
Network 		- - A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated (or weakly authenticated) access to privileged functionality. The backdoor is undocumented, cann… New CWE-912
 Hidden Functionality 		CVE-2026-7413 2026-05-9 08:16 2026-05-8 Show GitHub Exploit DB Packet Storm
182 6.6 MEDIUM
Local 		- - Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 enc… New CWE-122
CWE-190
Heap-based Buffer Overflow
 Integer Overflow or Wraparound 		CVE-2026-45130 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
183 3.8 LOW
Network 		- - SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If th… New CWE-269
 Improper Privilege Management 		CVE-2026-44987 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
184 - - - Vim is an open source, command line text editor. Prior to version 9.2.0435, an OS command injection vulnerability exists in Vim's :find command-line completion. When the path option contains backtick… New CWE-78
OS Command  		CVE-2026-44656 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
185 - - - FastGPT is an AI Agent building platform. Prior to version 4.14.17, an unauthenticated Server-Side Request Forgery (SSRF) vulnerability allows attackers (or authenticated users with App editing privi… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-44286 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
186 6.3 MEDIUM
Network 		- - FastGPT is an AI Agent building platform. Prior to version 4.14.17, FastGPT had an inconsistent SSRF protection gap in MCP tool URL handling. The direct MCP preview/run endpoints already rejected int… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-44284 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
187 8.9 HIGH
Network 		- - Postiz is an AI social media scheduling tool. From version 2.21.6 to before version 2.21.7, any authenticated user who can create a post can store arbitrary HTML in post content by tampering their ow… New CWE-79
Cross-site Scripting 		CVE-2026-42556 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
188 4.3 MEDIUM
Network 		- - AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLL… New CWE-200
CWE-639
Information Exposure
 Authorization Bypass Through User-Controlled Key 		CVE-2026-42456 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
189 9.9 CRITICAL
Network 		- - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, all Docker container management endpoints in Termix interpolate t… New CWE-78
OS Command  		CVE-2026-42454 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm
190 - - - Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.1.0, the extractArchive and compressFiles endpoints in file-manager.ts… New CWE-77
Command Injection 		CVE-2026-42453 2026-05-9 08:16 2026-05-9 Show GitHub Exploit DB Packet Storm