Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 16, 2026, 10:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
681	5.4	警告 Network	PHPOffice	PhpSpreadsheet	PHPOfficeのPhpSpreadsheetにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-35453	2026-05-11 11:12	2026-05-5	Show	GitHub Exploit DB Packet Storm

682	9.1	緊急 Network	Zcash Foundation	Zebra-script Zebrad	Zcash FoundationのZebra-script等の複数製品における呼び出し元による仕様の不適切な準拠に関する脆弱性	CWE-573 呼び出し元による仕様の不適切な準拠	CVE-2026-41583	2026-05-11 11:12	2026-05-8	Show	GitHub Exploit DB Packet Storm

683	6.5	警告 Network	Zcash Foundation	zebra-rpc Zebrad	Zcash Foundationのzebra-rpc等の複数製品における複数の脆弱性	CWE-248 CWE-617	CVE-2026-41585	2026-05-11 11:12	2026-05-8	Show	GitHub Exploit DB Packet Storm

684	9.1	緊急 Network	Zcash Foundation	Zebra-script Zebrad	Zcash FoundationのZebra-script等の複数製品におけるデジタル署名の検証に関する脆弱性	CWE-347 デジタル署名の不適切な検証	CVE-2026-44497	2026-05-11 11:12	2026-05-8	Show	GitHub Exploit DB Packet Storm

685	5.3	警告 Network	Apache Software Foundation	CloudStack	Apache Software FoundationのCloudStackにおける複数の脆弱性	CWE-367 CWE-770	CVE-2025-69233	2026-05-11 11:12	2026-05-8	Show	GitHub Exploit DB Packet Storm

686	8.4	重要 Local	デル	data domain operating system PowerProtect DP Series Appliance	デルのdata domain operating system等の複数製品における弱い認証情報の使用に関する脆弱性	CWE-1391 脆弱な認証情報の使用	CVE-2026-23853	2026-05-11 11:12	2026-04-17	Show	GitHub Exploit DB Packet Storm

687	9.8	緊急 Network	vm2 project	vm2	vm2 projectのvm2における複数の脆弱性	CWE-693 CWE-94	CVE-2026-24118	2026-05-11 11:12	2026-05-4	Show	GitHub Exploit DB Packet Storm

688	9.8	緊急 Network	vm2 project	vm2	vm2 projectのvm2における複数の脆弱性	CWE-693 CWE-94	CVE-2026-24120	2026-05-11 11:12	2026-05-4	Show	GitHub Exploit DB Packet Storm

689	9.8	緊急 Network	vm2 project	vm2	vm2 projectのvm2における複数の脆弱性	CWE-693 CWE-94	CVE-2026-24781	2026-05-11 11:12	2026-05-4	Show	GitHub Exploit DB Packet Storm

690	6.3	警告 Network	Apache Software Foundation	CloudStack	Apache Software FoundationのCloudStackにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2026-25077	2026-05-11 11:12	2026-05-8	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 16, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1041	8.4	HIGH Local	-	-	Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. Update	CWE-822 Untrusted Pointer Dereference	CVE-2026-40367	2026-05-14 00:34	2026-05-13	Show	GitHub Exploit DB Packet Storm

1042	8.8	HIGH Network	-	-	External control of file name or path in SQL Server allows an authorized attacker to execute code over a network. Update	CWE-73 External Control of File Name or Path	CVE-2026-40370	2026-05-14 00:34	2026-05-13	Show	GitHub Exploit DB Packet Storm

1043	6.5	MEDIUM Network	-	-	Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network. Update	CWE-200 Information Exposure	CVE-2026-40374	2026-05-14 00:34	2026-05-13	Show	GitHub Exploit DB Packet Storm

1044	9.3	CRITICAL Network	-	-	Exposure of sensitive information to an unauthorized actor in Azure Entra ID allows an unauthorized attacker to perform spoofing over a network. Update	CWE-200 Information Exposure	CVE-2026-40379	2026-05-14 00:34	2026-05-13	Show	GitHub Exploit DB Packet Storm

1045	7.8	HIGH Local	-	-	Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. Update	CWE-284 Improper Access Control	CVE-2026-40381	2026-05-14 00:34	2026-05-13	Show	GitHub Exploit DB Packet Storm

1046	7.8	HIGH Local	-	-	Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally. Update	CWE-416 Use After Free	CVE-2026-40382	2026-05-14 00:34	2026-05-13	Show	GitHub Exploit DB Packet Storm

1047	7.8	HIGH Local	-	-	Integer underflow (wrap or wraparound) in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. Update	CWE-191 Integer Underflow (Wrap or Wraparound)	CVE-2026-40397	2026-05-14 00:34	2026-05-13	Show	GitHub Exploit DB Packet Storm

1048	7.8	HIGH Local	-	-	Heap-based buffer overflow in Windows Remote Desktop allows an authorized attacker to elevate privileges locally. Update	CWE-122 Heap-based Buffer Overflow	CVE-2026-40398	2026-05-14 00:34	2026-05-13	Show	GitHub Exploit DB Packet Storm

1049	7.8	HIGH Local	-	-	Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. Update	CWE-121 Stack-based Buffer Overflow	CVE-2026-40399	2026-05-14 00:34	2026-05-13	Show	GitHub Exploit DB Packet Storm

1050	7.1	HIGH Local	-	-	Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service locally. Update	CWE-476 NULL Pointer Dereference	CVE-2026-40401	2026-05-14 00:34	2026-05-13	Show	GitHub Exploit DB Packet Storm