Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 22, 2026, 12:09 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2801	5.5	警告 Local	Uutils	uutils coreutils	Uutilsのuutils coreutilsにおける誤って解決された名前や参照の使用に関する脆弱性	CWE-706 誤って解決された名前や参照の使用	CVE-2026-35358	2026-05-7 11:26	2026-04-22	Show	GitHub Exploit DB Packet Storm

2802	6.6	警告 Local	Uutils	uutils coreutils	Uutilsのuutils coreutilsにおけるリンク解釈に関する脆弱性	CWE-59 リンク解釈の問題	CVE-2026-35365	2026-05-7 11:26	2026-04-22	Show	GitHub Exploit DB Packet Storm

2803	4.4	警告 Local	Uutils	uutils coreutils	Uutilsのuutils coreutilsにおける例外的な状態のチェックに関する脆弱性	CWE-754 例外的な状態における不適切なチェック	CVE-2026-35366	2026-05-7 11:26	2026-04-22	Show	GitHub Exploit DB Packet Storm

2804	5.5	警告 Local	Uutils	uutils coreutils	Uutilsのuutils coreutilsにおける入力確認に関する脆弱性	CWE-20 不適切な入力確認	CVE-2026-35369	2026-05-7 11:26	2026-04-22	Show	GitHub Exploit DB Packet Storm

2805	4.4	警告 Local	Uutils	uutils coreutils	Uutilsのuutils coreutilsにおける不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2026-35370	2026-05-7 11:26	2026-04-22	Show	GitHub Exploit DB Packet Storm

2806	3.3	低 Local	Uutils	uutils coreutils	Uutilsのuutils coreutilsにおけるユーザインターフェースにおける重要情報の誤った表示に関する脆弱性	CWE-451 ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-35371	2026-05-7 11:26	2026-04-22	Show	GitHub Exploit DB Packet Storm

2807	5	警告 Local	Uutils	uutils coreutils	Uutilsのuutils coreutilsにおけるUNIX Symbolic Link のフォローに関する脆弱性	CWE-61 UNIX Symbolic Link のフォロー	CVE-2026-35372	2026-05-7 11:26	2026-04-22	Show	GitHub Exploit DB Packet Storm

2808	5.5	警告 Local	Uutils	uutils coreutils	Uutilsのuutils coreutilsにおけるUnicode エンコーディングの処理に関する脆弱性	CWE-176 Unicode エンコーディングの不適切な処理	CVE-2026-35373	2026-05-7 11:26	2026-04-22	Show	GitHub Exploit DB Packet Storm

2809	6.3	警告 Local	Uutils	uutils coreutils	Uutilsのuutils coreutilsにおけるTime-of-check Time-of-use (TOCTOU) 競合状態の脆弱性	CWE-367 Time-of-check Time-of-use (TOCTOU) 競合状態	CVE-2026-35374	2026-05-7 11:26	2026-04-22	Show	GitHub Exploit DB Packet Storm

2810	3.3	低 Local	Uutils	uutils coreutils	Uutilsのuutils coreutilsにおけるUnicode エンコーディングの処理に関する脆弱性	CWE-176 Unicode エンコーディングの不適切な処理	CVE-2026-35375	2026-05-7 11:26	2026-04-22	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 22, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1051	6.3	MEDIUM Network	-	-	ORSEE (Online Recruitment System for Economic Experiments) 3.1.0 contains an authenticated Remote Code Execution vulnerability in the participant profile field processing subsystem. Certain field con…	CWE-94 Code Injection	CVE-2025-67031	2026-05-19 01:16	2026-05-16	Show	GitHub Exploit DB Packet Storm

1052	5.5	MEDIUM Adjacent	google	chrome	Inappropriate implementation in Chromoting in Google Chrome prior to 148.0.7778.168 allowed a local attacker to bypass discretionary access control via a malicious file. (Chromium security severity: …	CWE-284 Improper Access Control	CVE-2026-8586	2026-05-19 00:28	2026-05-15	Show	GitHub Exploit DB Packet Storm

1053	7.5	HIGH Network	fleetdm	fleet	Fleet is open source device management software. Prior to version 4.80.1, a vulnerability in Fleet's IP extraction logic allows unauthenticated attackers to bypass API rate limiting by spoofing clien…	CWE-290 Authentication Bypass by Spoofing	CVE-2026-46356	2026-05-19 00:27	2026-05-15	Show	GitHub Exploit DB Packet Storm

1054	6.5	MEDIUM Network	webpack.js	webpack-dev-server	webpack-dev-server versions up to and including 5.2.3 are vulnerable to cross-origin source code exposure when serving over a non-potentially trustworthy origin such as plain HTTP. The previous fix r…	CWE-749 Exposed Dangerous Method or Function	CVE-2026-6402	2026-05-19 00:23	2026-05-12	Show	GitHub Exploit DB Packet Storm

1055	5.3	MEDIUM Network	-	-	### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not ha…	CWE-476 NULL Pointer Dereference	CVE-2026-8723	2026-05-19 00:16	2026-05-17	Show	GitHub Exploit DB Packet Storm

1056	7.8	HIGH Local	amd	radeon_software cleanup_utility	A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.	CWE-427 Uncontrolled Search Path Element	CVE-2024-36333	2026-05-19 00:15	2026-05-15	Show	GitHub Exploit DB Packet Storm

1057	8.8	HIGH Network	postgresql	postgresql	Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if…	CWE-89 CWE-121 SQL Injection Stack-based Buffer Overflow	CVE-2026-6637	2026-05-19 00:05	2026-05-14	Show	GitHub Exploit DB Packet Storm

1058	4.3	MEDIUM Network	postgresql	postgresql	Buffer over-read in PostgreSQL function pg_restore_attribute_stats() accepts array values of unmatched length, which causes query planning to read past end of one array. This allows a table maintain…	CWE-126 Buffer Over-read	CVE-2026-6575	2026-05-19 00:04	2026-05-14	Show	GitHub Exploit DB Packet Storm

1059	7.5	HIGH Network	postgresql	postgresql	Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disable…	CWE-674 Uncontrolled Recursion	CVE-2026-6479	2026-05-19 00:04	2026-05-14	Show	GitHub Exploit DB Packet Storm

1060	6.5	MEDIUM Network	postgresql	postgresql	Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 …	CWE-385 Covert Timing Channel	CVE-2026-6478	2026-05-19 00:03	2026-05-14	Show	GitHub Exploit DB Packet Storm