Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 14, 2026, noon

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3751	8.1	重要 Network	VMware	Spring Cloud Config	VMwareのSpring Cloud ConfigにおけるTime-of-check Time-of-use (TOCTOU) 競合状態の脆弱性	CWE-367 Time-of-check Time-of-use (TOCTOU) 競合状態	CVE-2026-41002	2026-05-14 10:19	2026-05-7	Show	GitHub Exploit DB Packet Storm

3752	4.4	警告 Local	VMware	Spring Cloud Config	VMwareのSpring Cloud Configにおけるログファイルからの情報漏えいに関する脆弱性	CWE-532 ログファイルからの情報漏えい	CVE-2026-41004	2026-05-14 10:19	2026-05-7	Show	GitHub Exploit DB Packet Storm

3753	5.3	警告 Network	Sync-in	Sync-in Server	Sync-inのSync-in Serverにおけるタイミングの違いに起因する情報漏えいに関する脆弱性	CWE-208 タイミングの違いに起因する情報漏えい	CVE-2026-41161	2026-05-14 10:19	2026-05-8	Show	GitHub Exploit DB Packet Storm

3754	5.3	警告 Network	angular	angular	angularにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-41423	2026-05-14 10:19	2026-05-8	Show	GitHub Exploit DB Packet Storm

3755	8.1	重要 Network	Linux Foundation	dapr	Linux Foundationのdaprにおける複数の脆弱性	CWE-22 CWE-284 CWE-noinfo	CVE-2026-41491	2026-05-14 10:19	2026-05-8	Show	GitHub Exploit DB Packet Storm

3756	7.5	重要 Network	Loren Segal	YARD	Loren SegalのYARDにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2026-41493	2026-05-14 10:19	2026-05-8	Show	GitHub Exploit DB Packet Storm

3757	3.3	低 Network	Kimai project	kimai	Kimai projectのKimaiにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2026-41498	2026-05-14 10:19	2026-05-8	Show	GitHub Exploit DB Packet Storm

3758	7.4	重要 Network	go-git project	go-git	go-git projectのgo-gitにおける認証情報の不十分な保護に関する脆弱性	CWE-522 認証情報の不十分な保護	CVE-2026-41506	2026-05-14 10:19	2026-05-8	Show	GitHub Exploit DB Packet Storm

3759	8.1	重要 Network	Andreas Kloeckner	RELATE	Andreas KloecknerのRELATEにおける複数の脆弱性	CWE-203 CWE-208	CVE-2026-41588	2026-05-14 10:19	2026-05-8	Show	GitHub Exploit DB Packet Storm

3760	8.8	重要 Network	NocoBase	NocoBase	NocoBaseにおけるSQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2026-41640	2026-05-14 10:19	2026-05-7	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 14, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
313051	-		-	-	Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module.	-	CVE-2024-25255	2024-11-20 02:35	2024-11-12	Show	GitHub Exploit DB Packet Storm

313052	-		-	-	Driver Booster v10.6 was discovered to contain a buffer overflow via the Host parameter under the Customize proxy module.	-	CVE-2024-25253	2024-11-20 02:35	2024-11-12	Show	GitHub Exploit DB Packet Storm

313053	9.8	CRITICAL Network	schneider-electric	ecostruxure_it_gateway	CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when enabled on the network and potentially impacting connected devices.	CWE-862 Missing Authorization	CVE-2024-10575	2024-11-20 02:28	2024-11-13	Show	GitHub Exploit DB Packet Storm

313054	-		-	-	Statmatic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location dif…	CWE-22 Path Traversal	CVE-2024-52600	2024-11-20 02:15	2024-11-20	Show	GitHub Exploit DB Packet Storm

313055	4.3	MEDIUM Network	janeczku	calibre-web	A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. This issue occurs in the file shelf.py at line 221, where the name of …	CWE-209 Information Exposure Through an Error Message	CVE-2021-3986	2024-11-20 02:12	2024-11-15	Show	GitHub Exploit DB Packet Storm

313056	9.8	CRITICAL Network	dompdf_project	dompdf	An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versio…	CWE-611 XXE	CVE-2021-3902	2024-11-20 02:12	2024-11-15	Show	GitHub Exploit DB Packet Storm

313057	5.4	MEDIUM Network	sylius	sylius	sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. This vulnerability allows attackers to inject malicious scripts that…	CWE-79 Cross-site Scripting	CVE-2021-3841	2024-11-20 02:11	2024-11-15	Show	GitHub Exploit DB Packet Storm

313058	9.8	CRITICAL Network	dompdf_project	dompdf	DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files o…	CWE-502 Deserialization of Untrusted Data	CVE-2021-3838	2024-11-20 02:11	2024-11-15	Show	GitHub Exploit DB Packet Storm

313059	8.8	HIGH Network	chatwoot	chatwoot	A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a …	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2021-3742	2024-11-20 02:10	2024-11-15	Show	GitHub Exploit DB Packet Storm

313060	8.8	HIGH Network	vanquish	user_extra_fields	The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 1…	CWE-862 Missing Authorization	CVE-2024-10800	2024-11-20 02:08	2024-11-13	Show	GitHub Exploit DB Packet Storm