Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 17, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
731 9.8 緊急
Network 		Kestra Kestra KestraにおけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2026-38428 2026-05-11 11:10 2026-05-5 Show GitHub Exploit DB Packet Storm
732 7.2 重要
Network 		Gotenberg, Inc. Gotenberg TheCodingMachineのGotenbergにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2026-39383 2026-05-11 11:10 2026-05-5 Show GitHub Exploit DB Packet Storm
733 8.8 重要
Network 		Apache Software Foundation Apache NiFi Apache Software FoundationのApache NiFiにおける認証の欠如に関する脆弱性 CWE-862
認証の欠如 		CVE-2026-39816 2026-05-11 11:10 2026-05-8 Show GitHub Exploit DB Packet Storm
734 8.2 重要
Network 		Quarkus Quarkus Quarkusにおける不正な認証に関する脆弱性 CWE-863
不正な認証 		CVE-2026-39852 2026-05-11 11:10 2026-05-5 Show GitHub Exploit DB Packet Storm
735 4.8 警告
Network 		Linux Containers Incus Linux ContainersのIncusにおける証明書検証に関する脆弱性 CWE-295
不正な証明書検証 		CVE-2026-40243 2026-05-11 11:10 2026-05-6 Show GitHub Exploit DB Packet Storm
736 7.5 重要
Network 		Gotenberg, Inc. Gotenberg TheCodingMachineのGotenbergにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2026-40280 2026-05-11 11:10 2026-05-5 Show GitHub Exploit DB Packet Storm
737 8.8 重要
Network 		Math.js Math.js Math.jsにおける動的に決定されたオブジェクト属性の不適切に制御された変更に関する脆弱性 CWE-915
動的に決定されたオブジェクト属性の不適切に制御された変更 		CVE-2026-41139 2026-05-11 11:10 2026-05-7 Show GitHub Exploit DB Packet Storm
738 8.8 重要
Network 		OpenEXR OpenEXR OpenEXRにおける整数オーバーフローの脆弱性 CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2026-41142 2026-05-11 11:10 2026-05-7 Show GitHub Exploit DB Packet Storm
739 7.7 重要
Network 		Istio Istio Istioにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2026-41413 2026-05-11 11:09 2026-05-7 Show GitHub Exploit DB Packet Storm
740 8.1 重要
Network 		Mervin Praison (MervinPraison) PraisonAI Mervin Praison (MervinPraison)のPraisonAI等の複数製品におけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2026-41496 2026-05-11 11:09 2026-05-8 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 17, 2026, 4:15 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
312111 6.1 MEDIUM
Network 		rws multitrans An HTML injection vulnerability in RWS MultiTrans v7.0.23324.2 and earlier allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent … CWE-79
Cross-site Scripting 		CVE-2024-43025 2024-10-1 02:51 2024-09-19 Show GitHub Exploit DB Packet Storm
312112 5.3 MEDIUM
Network 		coffee2code remember_me_controls The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin allowing direct access to the bootstrap.php … CWE-209
Information Exposure Through an Error Message 		CVE-2024-7415 2024-10-1 02:46 2024-09-6 Show GitHub Exploit DB Packet Storm
312113 8.2 HIGH
Network 		scriptcase scriptcase Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “id_form_msg_title” parameter, among others. This vulnera… CWE-79
Cross-site Scripting 		CVE-2024-8942 2024-10-1 02:39 2024-09-25 Show GitHub Exploit DB Packet Storm
312114 7.5 HIGH
Network 		linuxptp_project linuxptp An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function NVD-CWE-noinfo
CVE-2024-42861 2024-10-1 02:35 2024-09-24 Show GitHub Exploit DB Packet Storm
312115 6.1 MEDIUM
Network 		flowiseai embed
flowise 		Flowise < 2.1.1 suffers from a Stored Cross-Site vulnerability due to a lack of input sanitization in Flowise Chat Embed < 2.0.0. CWE-79
Cross-site Scripting 		CVE-2024-9148 2024-10-1 02:34 2024-09-25 Show GitHub Exploit DB Packet Storm
312116 5.4 MEDIUM
Network 		concretecms concrete_cms Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users … CWE-79
Cross-site Scripting 		CVE-2024-7398 2024-10-1 01:12 2024-09-25 Show GitHub Exploit DB Packet Storm
312117 4.8 MEDIUM
Network 		concretecms concrete_cms Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.  A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete C… CWE-79
Cross-site Scripting 		CVE-2024-8291 2024-10-1 00:59 2024-09-25 Show GitHub Exploit DB Packet Storm
312118 2.7 LOW
Network 		github enterprise_server An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of G… NVD-CWE-noinfo
CVE-2024-8263 2024-10-1 00:57 2024-09-24 Show GitHub Exploit DB Packet Storm
312119 7.5 HIGH
Network 		ibm aspera_console IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerabilit… CWE-732
 Incorrect Permission Assignment for Critical Resource 		CVE-2022-43845 2024-10-1 00:53 2024-09-25 Show GitHub Exploit DB Packet Storm
312120 4.9 MEDIUM
Network 		zyxel wx5600-t0_firmware
wx3401-b0_firmware
wx3100-t0_firmware
scr50axe_firmware
px3321-t1_firmware
pm7300-t0_firmware
pm5100-t0_firmware
pm3100-t0_firmware
ax7501-b1_firmware
vm… 		An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated at… NVD-CWE-noinfo
CVE-2024-38268 2024-10-1 00:52 2024-09-24 Show GitHub Exploit DB Packet Storm