Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 14, 2026, 6:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2911 4.3 警告
Network 		dnnsoftware dotnetnuke dnnsoftwareのdotnetnukeにおける認可に関する脆弱性 CWE-285
不適切な認可 		CVE-2026-40305 2026-04-27 10:48 2026-04-17 Show GitHub Exploit DB Packet Storm
2912 6.5 警告
Network 		dnnsoftware dotnetnuke dnnsoftwareのdotnetnukeにおける不十分なランダム値の使用に関する脆弱性 CWE-330
不十分なランダム値の使用 		CVE-2026-40306 2026-04-27 10:48 2026-04-17 Show GitHub Exploit DB Packet Storm
2913 8 重要
Network 		dnnsoftware dotnetnuke dnnsoftwareのdotnetnukeにおける代替 XSS 構文の不適切な無効化に関する脆弱性 CWE-87
代替 XSS 構文の不適切な無効化 		CVE-2026-40321 2026-04-27 10:48 2026-04-17 Show GitHub Exploit DB Packet Storm
2914 5.3 警告
Network 		The FastAPI Expert python-multipart The FastAPI Expertのpython-multipartにおける複数の脆弱性 CWE-400
CWE-834
CVE-2026-40347 2026-04-27 10:48 2026-04-18 Show GitHub Exploit DB Packet Storm
2915 5.4 警告
Network 		wger wger wger Projectのwgerにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-40353 2026-04-27 10:48 2026-04-17 Show GitHub Exploit DB Packet Storm
2916 7.6 重要
Network 		wger wger wger Projectのwgerにおける複数の脆弱性 CWE-284
CWE-862
CVE-2026-40474 2026-04-27 10:48 2026-04-17 Show GitHub Exploit DB Packet Storm
2917 9 緊急
Network 		Thymeleaf Thymeleaf Thymeleafにおける複数の脆弱性 CWE-1336
CWE-917
CVE-2026-40477 2026-04-27 10:48 2026-04-17 Show GitHub Exploit DB Packet Storm
2918 9 緊急
Network 		Thymeleaf Thymeleaf Thymeleafにおける複数の脆弱性 CWE-1336
CWE-917
CVE-2026-40478 2026-04-27 10:47 2026-04-17 Show GitHub Exploit DB Packet Storm
2919 7.1 重要
Local 		Craig J. Bass (craigjbass) ClearanceKit Craig J. Bass (craigjbass)のClearanceKitにおける不正な認証に関する脆弱性 CWE-863
不正な認証 		CVE-2026-40599 2026-04-27 10:47 2026-04-21 Show GitHub Exploit DB Packet Storm
2920 4.4 警告
Local 		Craig J. Bass (craigjbass) ClearanceKit Craig J. Bass (craigjbass)のClearanceKitにおける保護メカニズムの不具合に関する脆弱性 CWE-693
保護メカニズムの不具合 		CVE-2026-40604 2026-04-27 10:47 2026-04-21 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 14, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
315051 - - - A vulnerability classified as critical has been found in TOTOLINK N350RT 9.3.5u.6139_B20201216. This affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argume… CWE-120
Classic Buffer Overflow 		CVE-2024-7462 2024-08-5 09:15 2024-08-5 Show GitHub Exploit DB Packet Storm
315052 - - - Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) - CVE-2024-7256 2024-08-4 03:35 2024-08-2 Show GitHub Exploit DB Packet Storm
315053 - - - Uninitialized Use in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security s… - CVE-2024-6990 2024-08-4 03:35 2024-08-2 Show GitHub Exploit DB Packet Storm
315054 - - - The socialdriver-framework WordPress plugin before 2024.04.30 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Sit… - CVE-2024-2872 2024-08-3 04:35 2024-08-1 Show GitHub Exploit DB Packet Storm
315055 - - - An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the getCacheFileName function in file.go file - CVE-2024-40465 2024-08-3 04:35 2024-08-1 Show GitHub Exploit DB Packet Storm
315056 - - - Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information. - CVE-2024-41259 2024-08-3 01:35 2024-08-2 Show GitHub Exploit DB Packet Storm
315057 - - - A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function. - CVE-2024-41265 2024-08-3 01:35 2024-08-2 Show GitHub Exploit DB Packet Storm
315058 5.3 MEDIUM
Network 		- - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-34802. Reason: This candidate is a duplicate of CVE-2024-34802. Notes: All CVE users should reference CVE-2024-348… - CVE-2024-1715 2024-08-3 00:16 2024-08-1 Show GitHub Exploit DB Packet Storm
315059 4.4 MEDIUM
Local 		dell emc_idrac_service_module Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service … CWE-787
 Out-of-bounds Write 		CVE-2024-25948 2024-08-2 22:55 2024-08-1 Show GitHub Exploit DB Packet Storm
315060 4.4 MEDIUM
Local 		dell emc_idrac_service_module Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service … CWE-787
 Out-of-bounds Write 		CVE-2024-25947 2024-08-2 22:55 2024-08-1 Show GitHub Exploit DB Packet Storm