Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 18, 2026, 4:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
3271 7.5 重要
Network 		Pivotal Software, Inc. Spring Security VMwareのSpring Securityにおけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2026-22754 2026-04-27 11:28 2026-04-22 Show GitHub Exploit DB Packet Storm
3272 7.8 重要
Local 		Linux Linux Kernel LinuxのLinux Kernelにおける解放済みメモリの使用に関する脆弱性 CWE-416
解放済みメモリの使用 		CVE-2026-23344 2026-04-27 11:28 2026-03-25 Show GitHub Exploit DB Packet Storm
3273 5.5 警告
Local 		Linux Linux Kernel LinuxのLinux Kernelにおける不特定の脆弱性 CWE-noinfo
情報不足 		CVE-2026-23345 2026-04-27 11:28 2026-03-25 Show GitHub Exploit DB Packet Storm
3274 5.5 警告
Local 		Linux Linux Kernel LinuxのLinux Kernelにおける不特定の脆弱性 CWE-noinfo
情報不足 		CVE-2026-23346 2026-04-27 11:28 2026-03-25 Show GitHub Exploit DB Packet Storm
3275 5.5 警告
Local 		Linux Linux Kernel LinuxのLinux Kernelにおける不特定の脆弱性 CWE-noinfo
情報不足 		CVE-2026-23347 2026-04-27 11:28 2026-03-25 Show GitHub Exploit DB Packet Storm
3276 4.7 警告
Local 		Linux Linux Kernel LinuxのLinux Kernelにおける競合状態に関する脆弱性 CWE-362
競合状態 		CVE-2026-23348 2026-04-27 11:28 2026-03-25 Show GitHub Exploit DB Packet Storm
3277 5.5 警告
Local 		Linux Linux Kernel LinuxのLinux KernelにおけるNULL ポインタデリファレンスに関する脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2026-23349 2026-04-27 11:28 2026-03-25 Show GitHub Exploit DB Packet Storm
3278 7.8 重要
Local 		Linux Linux Kernel LinuxのLinux Kernelにおける有効期限後のメモリの解放の欠如に関する脆弱性 CWE-401
有効期限後のメモリの解放の欠如 		CVE-2026-23350 2026-04-27 11:28 2026-03-25 Show GitHub Exploit DB Packet Storm
3279 7.8 重要
Local 		Linux Linux Kernel LinuxのLinux Kernelにおける解放済みメモリの使用に関する脆弱性 CWE-416
解放済みメモリの使用 		CVE-2026-23351 2026-04-27 11:28 2026-03-25 Show GitHub Exploit DB Packet Storm
3280 5.5 警告
Local 		Linux Linux Kernel LinuxのLinux Kernelにおける有効期限後のメモリの解放の欠如に関する脆弱性 CWE-401
有効期限後のメモリの解放の欠如 		CVE-2026-23352 2026-04-27 11:27 2026-03-25 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
131 9.8 CRITICAL
Network 		libexpat_project libexpat `xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this… Update CWE-331
 Insufficient Entropy 		CVE-2026-7210 2026-05-16 12:05 2026-05-12 Show GitHub Exploit DB Packet Storm
132 8.1 HIGH
Network 		bitwarden server Bitwarden Server prior to v2026.4.1 does not require master-password re-authentication when retrieving or rotating an organization's SCIM API key, allowing an authenticated user with SCIM management … Update CWE-303
 Incorrect Implementation of Authentication Algorithm 		CVE-2026-43640 2026-05-16 12:04 2026-05-12 Show GitHub Exploit DB Packet Storm
133 9.1 CRITICAL
Network 		bitwarden server Bitwarden Server prior to v2026.4.0 contains a missing authorization vulnerability that allows a provider service user to add an arbitrary organization to their provider via `POST /providers/{provide… Update CWE-862
 Missing Authorization 		CVE-2026-43639 2026-05-16 12:04 2026-05-12 Show GitHub Exploit DB Packet Storm
134 5.4 MEDIUM
Network 		bitwarden server Bitwarden Server prior to v2026.4.1 contains a missing authorization vulnerability that allows any authenticated user to write ciphers into an arbitrary organization via `POST /ciphers/import-organiz… Update CWE-862
 Missing Authorization 		CVE-2026-43638 2026-05-16 11:55 2026-05-12 Show GitHub Exploit DB Packet Storm
135 5.6 MEDIUM
Network 		dell elastic_cloud_storage
objectscale 		Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthentica… Update CWE-302
 Authentication Bypass by Assumed-Immutable Data 		CVE-2025-43992 2026-05-16 11:52 2026-05-11 Show GitHub Exploit DB Packet Storm
136 8.8 HIGH
Network 		google chrome Use after free in GPU in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) New CWE-416
 Use After Free 		CVE-2026-8581 2026-05-16 11:48 2026-05-15 Show GitHub Exploit DB Packet Storm
137 7.6 HIGH
Network 		- - phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in Utils::parseUrl() that allows authenticated users to inject JavaScript via malformed URLs in comments. Attackers can craf… New CWE-79
Cross-site Scripting 		CVE-2026-46367 2026-05-16 11:16 2026-05-16 Show GitHub Exploit DB Packet Storm
138 6.9 MEDIUM
Network 		- - phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in search.twig where result.question and result.answerPreview are rendered with the raw filter, disabling autoescape protect… New CWE-79
Cross-site Scripting 		CVE-2026-46361 2026-05-16 11:16 2026-05-16 Show GitHub Exploit DB Packet Storm
139 - - - Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, there is an authenticated SQL injection issue in the frontend user order hist… New CWE-89
SQL Injection 		CVE-2026-45800 2026-05-16 11:16 2026-05-16 Show GitHub Exploit DB Packet Storm
140 3.5 LOW
Network 		- - The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry return… New CWE-636
 Not Failing Securely ('Failing Open') 		CVE-2026-45781 2026-05-16 11:16 2026-05-15 Show GitHub Exploit DB Packet Storm