Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 16, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3171	9	緊急 Network	Thymeleaf	Thymeleaf	Thymeleafにおける複数の脆弱性	CWE-1336 CWE-917	CVE-2026-40477	2026-04-27 10:48	2026-04-17	Show	GitHub Exploit DB Packet Storm

3172	9	緊急 Network	Thymeleaf	Thymeleaf	Thymeleafにおける複数の脆弱性	CWE-1336 CWE-917	CVE-2026-40478	2026-04-27 10:47	2026-04-17	Show	GitHub Exploit DB Packet Storm

3173	7.1	重要 Local	Craig J. Bass (craigjbass)	ClearanceKit	Craig J. Bass (craigjbass)のClearanceKitにおける不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2026-40599	2026-04-27 10:47	2026-04-21	Show	GitHub Exploit DB Packet Storm

3174	4.4	警告 Local	Craig J. Bass (craigjbass)	ClearanceKit	Craig J. Bass (craigjbass)のClearanceKitにおける保護メカニズムの不具合に関する脆弱性	CWE-693 保護メカニズムの不具合	CVE-2026-40604	2026-04-27 10:47	2026-04-21	Show	GitHub Exploit DB Packet Storm

3175	4.8	警告 Network	mitmproxy	mitmproxy	mitmproxyにおけるLDAP インジェクションの脆弱性	CWE-90 LDAP インジェクション	CVE-2026-40606	2026-04-27 10:47	2026-04-21	Show	GitHub Exploit DB Packet Storm

3176	7.5	重要 Network	coturn project	coturn	coturn projectのcoturnにおける不正な型変換に関する脆弱性	CWE-704 不正な型変換またはキャスト	CVE-2026-40613	2026-04-27 10:47	2026-04-21	Show	GitHub Exploit DB Packet Storm

3177	8.8	重要 Network	goshs	goshs	goshsにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-40876	2026-04-27 10:47	2026-04-21	Show	GitHub Exploit DB Packet Storm

3178	7.5	重要 Network		-	NestJSにおける再帰制御に関する脆弱性	CWE-674 不適切な再帰制御	CVE-2026-40879	2026-04-27 10:47	2026-04-21	Show	GitHub Exploit DB Packet Storm

3179	7.6	重要 Network	openremote	openremote	openremoteにおけるXML 外部エンティティの脆弱性	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2026-40882	2026-04-27 10:47	2026-04-22	Show	GitHub Exploit DB Packet Storm

3180	8.3	重要 Network	WWBN	AVideo	WWBNのAVideoにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2026-40925	2026-04-27 10:47	2026-04-21	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 17, 2026, 4:15 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
31	6.4	MEDIUM Network	-	-	Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers wi… New	CWE-79 Cross-site Scripting	CVE-2020-37237	2026-05-17 01:16	2026-05-17	Show	GitHub Exploit DB Packet Storm

32	6.4	MEDIUM Network	-	-	NewsLister contains an authenticated persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the title parameter in the news additio… New	CWE-79 Cross-site Scripting	CVE-2020-37236	2026-05-17 01:16	2026-05-17	Show	GitHub Exploit DB Packet Storm

33	6.4	MEDIUM Network	-	-	WordPress Theme Wibar 1.1.8 contains a stored cross-site scripting vulnerability in the Brand component that allows authenticated users to inject malicious scripts by manipulating the Logo URL parame… New	CWE-79 Cross-site Scripting	CVE-2020-37235	2026-05-17 01:16	2026-05-17	Show	GitHub Exploit DB Packet Storm

34	6.2	MEDIUM Local	-	-	Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can … New	CWE-120 Classic Buffer Overflow	CVE-2020-37234	2026-05-17 01:16	2026-05-17	Show	GitHub Exploit DB Packet Storm

35	6.4	MEDIUM Network	-	-	WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the fi… New	CWE-79 Cross-site Scripting	CVE-2020-37233	2026-05-17 01:16	2026-05-17	Show	GitHub Exploit DB Packet Storm

36	7.8	HIGH Local	-	-	Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service binary path that allows local attackers to escalate privileges. Atta… New	CWE-428 Unquoted Search Path or Element	CVE-2020-37232	2026-05-17 01:16	2026-05-17	Show	GitHub Exploit DB Packet Storm

37	7.8	HIGH Local	-	-	Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Atta… New	CWE-428 Unquoted Search Path or Element	CVE-2020-37231	2026-05-17 01:16	2026-05-17	Show	GitHub Exploit DB Packet Storm

38	7.8	HIGH Local	-	-	Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local attackers to escalate privileges by exploiting the unquoted binary path… New	CWE-428 Unquoted Search Path or Element	CVE-2020-37230	2026-05-17 01:16	2026-05-17	Show	GitHub Exploit DB Packet Storm

39	7.8	HIGH Local	-	-	OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to escalate privileges by inserting executable files into the unqu… New	CWE-428 Unquoted Search Path or Element	CVE-2020-37229	2026-05-17 01:16	2026-05-17	Show	GitHub Exploit DB Packet Storm

40	9.8	CRITICAL Network	-	-	iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication by requesting the autoLoginVerifyCode object. Attackers can retr… New	CWE-307 mproper Restriction of Excessive Authentication Attempts	CVE-2020-37228	2026-05-17 01:16	2026-05-17	Show	GitHub Exploit DB Packet Storm