Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 27, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
3951	3.7	低 Network	オラクル	Oracle GraalVM for JDK Oracle GraalVM JRE JDK	オラクルのOracle GraalVM等の複数製品における制限またはスロットリング無しのリソースの割り当てに関する脆弱性	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-22018	2026-04-28 10:13	2026-04-21	Show	GitHub Exploit DB Packet Storm

3952	5.3	警告 Network	オラクル	Oracle GraalVM for JDK Oracle GraalVM JRE JDK	オラクルのOracle GraalVM等の複数製品におけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2026-22021	2026-04-28 10:13	2026-04-21	Show	GitHub Exploit DB Packet Storm

3953	8.1	重要 Network	Apache Software Foundation	Apache DolphinScheduler	Apache Software FoundationのApache DolphinSchedulerにおける不正な認証に関する脆弱性	CWE-863 不正な認証	CVE-2026-23902	2026-04-28 10:13	2026-04-24	Show	GitHub Exploit DB Packet Storm

3954	7.7	重要 Network	neutrinolabs	xrdp	neutrinolabsのxrdpにおけるデータの整合性検証不備に関する脆弱性	CWE-354 データの整合性検証不備	CVE-2026-32105	2026-04-28 10:13	2026-04-17	Show	GitHub Exploit DB Packet Storm

3955	8.8	重要 Local	neutrinolabs	xrdp	neutrinolabsのxrdpにおける削除された特権に対する不適切なチェックに関する脆弱性	CWE-273 削除された特権に対する不適切なチェック	CVE-2026-32107	2026-04-28 10:13	2026-04-17	Show	GitHub Exploit DB Packet Storm

3956	8.1	重要 Network	neutrinolabs	xrdp	neutrinolabsのxrdpにおけるヒープベースのバッファオーバーフローの脆弱性	CWE-122 ヒープオーバーフロー	CVE-2026-32623	2026-04-28 10:13	2026-04-17	Show	GitHub Exploit DB Packet Storm

3957	6.5	警告 Network	neutrinolabs	xrdp	neutrinolabsのxrdpにおけるヒープベースのバッファオーバーフローの脆弱性	CWE-122 ヒープオーバーフロー	CVE-2026-32624	2026-04-28 10:13	2026-04-17	Show	GitHub Exploit DB Packet Storm

3958	6.3	警告 Network	neutrinolabs	xrdp	neutrinolabsのxrdpにおけるOS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2026-33145	2026-04-28 10:13	2026-04-17	Show	GitHub Exploit DB Packet Storm

3959	9.1	緊急 Network	neutrinolabs	xrdp	neutrinolabsのxrdpにおける境界外読み取りに関する脆弱性	CWE-125 境界外読み取り	CVE-2026-33516	2026-04-28 10:13	2026-04-17	Show	GitHub Exploit DB Packet Storm

3960	9.1	緊急 Network	neutrinolabs	xrdp	neutrinolabsのxrdpにおける境界外読み取りに関する脆弱性	CWE-125 境界外読み取り	CVE-2026-33689	2026-04-28 10:13	2026-04-17	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 28, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
41	6.5	MEDIUM Network	-	-	Frappe HR is an open-source human resources management solution (HRMS). Prior to 16.5.0, authenticated employees could access other employees’ leave details due to improper authorization checks. This… New	CWE-863 Incorrect Authorization	CVE-2026-45081	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

42	7.7	HIGH Network	-	-	Budibase is an open-source low-code platform. Prior to 3.35.10, the Plugin URL upload endpoint (POST /api/plugin) validates the submitted URL with a single substring check: url.includes(".tar.gz"). A… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-45061	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

43	7.5	HIGH Network	-	-	bird-lg-go is a BIRD looking glass in Go. Prior to 1.4.5, the apiHandler (and similarly webHandlerTelegramBot) processes user-provided JSON payloads by directly using json.NewDecoder(r.Body).Decode(&… New	CWE-400 Uncontrolled Resource Consumption	CVE-2026-45047	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

44	8.8	HIGH Network	-	-	elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.68, an authenticated SQL injection vulnerability in the elFinder MySQL volume driver (elFinderVolu… New	CWE-89 SQL Injection	CVE-2026-44521	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

45	7.4	HIGH Network	-	-	FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totp_setup.php is callable from a session that has only passed the passwo… New	CWE-200 CWE-287 CWE-306 Information Exposure Improper Authentication Missing Authentication for Critical Function	CVE-2026-44460	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

46	9.3	CRITICAL Network	-	-	Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the component override system transpiles user-supplied TSX via Sucrase and evaluates it with new Function, shadowing dangerous global… New	CWE-693 Protection Mechanism Failure	CVE-2026-44451	2026-05-28 03:16	2026-05-27	Show	GitHub Exploit DB Packet Storm

47	-		-	-	Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encodings in BER data could cause quadratic behavior in the parser, resulting in a denial of service. Such … New	CWE-407 Inefficient Algorithmic Complexity	CVE-2026-44378	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

48	8.8	HIGH Network	-	-	BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].n… New	CWE-78 CWE-94 OS Command Code Injection	CVE-2026-44346	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

49	8.8	HIGH Network	-	-	BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, src/bentoml/_internal/container/frontend/dockerfile/templates/base_v2.j2 in… New	CWE-78 OS Command	CVE-2026-44345	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm

50	6.5	MEDIUM Network	-	-	free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's BSF PUT /nbsf-management/v1/subscriptions/{subId} handler has an unsynchronized write on the global Subscrip… New	CWE-362 CWE-820 Race Condition Missing Synchronization	CVE-2026-44318	2026-05-28 03:16	2026-05-28	Show	GitHub Exploit DB Packet Storm