Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 27, 2026, noon

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2871	7.3	重要 Network	ShadowCloneLabs	Glutamate MCP Servers	ShadowCloneLabsのGlutamate MCP Serversにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-7094	2026-05-7 12:00	2026-04-27	Show	GitHub Exploit DB Packet Storm

2872	5.4	警告 Network	helpy.io	helpy	helpy.ioのhelpyにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-40229	2026-05-7 12:00	2026-04-29	Show	GitHub Exploit DB Packet Storm

2873	5.4	警告 Network	helpy.io	helpy	helpy.ioのhelpyにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-40230	2026-05-7 12:00	2026-04-29	Show	GitHub Exploit DB Packet Storm

2874	7.5	重要 Network	Exim Development	Exim	Exim DevelopmentのEximにおける指定された機能の不適切な提供に関する脆弱性	CWE-684 指定された機能の不適切な提供	CVE-2026-40684	2026-05-7 12:00	2026-04-30	Show	GitHub Exploit DB Packet Storm

2875	9.8	緊急 Network	Exim Development	Exim	Exim DevelopmentのEximにおける複数の脆弱性	CWE-684 CWE-787	CVE-2026-40685	2026-05-7 12:00	2026-04-30	Show	GitHub Exploit DB Packet Storm

2876	5.3	警告 Network	Exim Development	Exim	Exim DevelopmentのEximにおける境界外読み取りに関する脆弱性	CWE-125 境界外読み取り	CVE-2026-40686	2026-05-7 12:00	2026-04-30	Show	GitHub Exploit DB Packet Storm

2877	9.1	緊急 Network	Exim Development	Exim	Exim DevelopmentのEximにおけるリソースの初期化の不備に関する脆弱性	CWE-909 リソースの初期化の不備	CVE-2026-40687	2026-05-7 12:00	2026-04-30	Show	GitHub Exploit DB Packet Storm

2878	6.5	警告 Network	The Prosody Team	Prosody	The Prosody TeamのProsodyにおける不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2026-43504	2026-05-7 12:00	2026-05-1	Show	GitHub Exploit DB Packet Storm

2879	6.5	警告 Network	The Prosody Team	Prosody	The Prosody TeamのProsodyにおける保護されていない代替チャネルに関する脆弱性	CWE-420 保護されていない代替チャネル	CVE-2026-43505	2026-05-7 12:00	2026-05-1	Show	GitHub Exploit DB Packet Storm

2880	7.5	重要 Network	The Prosody Team	Prosody	The Prosody TeamのProsodyにおける有効期限後のメモリの解放の欠如に関する脆弱性	CWE-401 有効期限後のメモリの解放の欠如	CVE-2026-43506	2026-05-7 11:59	2026-05-1	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 27, 2026, 4:52 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1371	-		-	-	Sparx Enterprise Architect software has a security feature that limits user's actions to those specified in the role. An authenticated attacker can modify the Enterprise Architect client behavior (e…	CWE-603 Use of Client-Side Authentication	CVE-2026-42098	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

1372	-		-	-	Sparx Pro Cloud Server is vulnerable to a Race Condition in the /data_api/dl_internal_artifact.php endpoint. The application downloads the properties of the object pointed by guid parameter and saves…	CWE-362 Race Condition	CVE-2026-42099	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

1373	-		-	-	Improper Handling of Syntactically Invalid Structure in Sparx Pro Cloud Server allows Denial of Service (DoS) attack to be executed by sending an specially crafted SQL query. This causes the Pro Clou…	CWE-228 Improper Handling of Syntactically Invalid Structure	CVE-2026-42100	2026-05-19 23:45	2026-05-19	Show	GitHub Exploit DB Packet Storm

1374	3.9	LOW Local	-	-	FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. The app…	CWE-79 Cross-site Scripting	CVE-2026-27964	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

1375	6.5	MEDIUM Network	-	-	FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC meta…	CWE-200 CWE-212 Information Exposure Improper Removal of Sensitive Information Before Storage or Transfer	CVE-2026-27892	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

1376	5.3	MEDIUM Network	-	-	Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unpriv…	CWE-200 CWE-524 CWE-672 Information Exposure Use of Cache Containing Sensitive Information Operation on a Resource after Expiration or Release	CVE-2026-32244	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

1377	-		-	-	Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature…	CWE-862 Missing Authorization	CVE-2026-33514	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

1378	10.0	CRITICAL Network	-	-	HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated rem…	CWE-502 Deserialization of Untrusted Data	CVE-2026-43633	2026-05-19 23:43	2026-05-19	Show	GitHub Exploit DB Packet Storm

1379	6.5	MEDIUM Network	vercel	turborepo	Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the l…	CWE-352 CWE-384 Origin Validation Error Session Fixation	CVE-2026-45773	2026-05-19 23:41	2026-05-16	Show	GitHub Exploit DB Packet Storm

1380	9.8	CRITICAL Network	vercel	turborepo	Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted reposi…	CWE-426 Untrusted Search Path	CVE-2026-45772	2026-05-19 23:41	2026-05-16	Show	GitHub Exploit DB Packet Storm