Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 25, 2026, 2:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
71	8.8	重要 Local	FreeBSD	FreeBSD	FreeBSDにおけるスタックベースのバッファオーバーフローの脆弱性 New	CWE-121 スタックオーバーフロー	CVE-2026-39461	2026-05-25 10:22	2026-05-21	Show	GitHub Exploit DB Packet Storm

72	6.5	警告 Network	plane	plane	planeにおけるデータクエリロジックの特殊要素の不適切な中立化に関する脆弱性 New	CWE-943 データクエリロジックの特殊要素の不適切な中立化	CVE-2026-40102	2026-05-25 10:22	2026-05-20	Show	GitHub Exploit DB Packet Storm

73	7.5	重要 Network	マイクロソフト	Microsoft Entra ID	Microsoft Entra ID のスプーフィングの脆弱性 New	CWE-200 情報漏えい	CVE-2026-40379	2026-05-25 10:22	2026-05-12	Show	GitHub Exploit DB Packet Storm

74	4.3	警告 Network	Mattermost, Inc.	Mattermost Server	Mattermost, Inc.のMattermost Serverにおける不正な認証に関する脆弱性 New	CWE-863 不正な認証	CVE-2026-4055	2026-05-25 10:22	2026-05-21	Show	GitHub Exploit DB Packet Storm

75	7.8	重要 Local	Samba Project	rsync	Samba Projectのrsyncにおけるレングスパラメーターの不整合による処理に関する脆弱性 New	CWE-130 レングスパラメーターの不整合による不適切な処理	CVE-2026-41035	2026-05-25 10:22	2026-04-16	Show	GitHub Exploit DB Packet Storm

76	9.8	緊急 Network	NASA	F Prime	NASAのF Primeにおける複数の脆弱性 New	CWE-190 CWE-787	CVE-2026-41144	2026-05-25 10:22	2026-04-22	Show	GitHub Exploit DB Packet Storm

77	7.8	重要 Local	DevSpace	DevSpace	DevSpaceにおける複数の脆弱性 New	CWE-200 CWE-306	CVE-2026-42283	2026-05-25 10:22	2026-05-14	Show	GitHub Exploit DB Packet Storm

78	10	緊急 Network	マイクロソフト The Foreman	Azure Resource Manager Azure Local	Azure Local 向けディスコネクテッドオペレーションサービスの特権昇格の脆弱性 New	CWE-287 CWE-noinfo	CVE-2026-42822	2026-05-25 10:22	2026-05-18	Show	GitHub Exploit DB Packet Storm

79	5.5	警告 Local	Linux	Linux Kernel	LinuxのLinux Kernelにおける不完全なクリーンアップに関する脆弱性 New	CWE-459 不完全なクリーンアップ	CVE-2026-43395	2026-05-25 10:22	2026-05-8	Show	GitHub Exploit DB Packet Storm

80	5.5	警告 Local	Linux	Linux Kernel	LinuxのLinux Kernelにおける有効期限後のメモリの解放の欠如に関する脆弱性 New	CWE-401 有効期限後のメモリの解放の欠如	CVE-2026-43396	2026-05-25 10:22	2026-05-8	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 25, 2026, 4:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
891	6.5	MEDIUM Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.11, the API /api/v1/notes/{note_id} endpoint lacks proper authorization checks, allowin…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-45666	2026-05-19 10:28	2026-05-16	Show	GitHub Exploit DB Packet Storm

892	8.1	HIGH Network	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due…	CWE-79 Cross-site Scripting	CVE-2026-45665	2026-05-19 10:28	2026-05-16	Show	GitHub Exploit DB Packet Storm

893	6.3	MEDIUM Network	-	-	A vulnerability was found in Investintech SlimPDFReader up to 2.0.13. Affected by this vulnerability is the function sub_3B4610 of the file SlimPDFReader.exe. The manipulation results in stack-based …	CWE-119 CWE-121 Incorrect Access of Indexable Resource ('Range Error') Stack-based Buffer Overflow	CVE-2026-8733	2026-05-19 06:16	2026-05-17	Show	GitHub Exploit DB Packet Storm

894	-		-	-	* Countermeasures for DPA within SYMCRYPTO engine on SixG301xxx devices are not sufficiently random and will eventually repeat. * KSU keys using SYMCRYPTO will be impacted by this vulnerability.	CWE-331 Insufficient Entropy	CVE-2025-14972	2026-05-19 05:27	2026-05-16	Show	GitHub Exploit DB Packet Storm

895	8.2	HIGH Network	-	-	A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control fu…	CWE-124 Buffer Underflow	CVE-2026-34253	2026-05-19 05:23	2026-05-16	Show	GitHub Exploit DB Packet Storm

896	7.5	HIGH Network	-	-	An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write, lib/smtp-stream.js components	CWE-400 Uncontrolled Resource Consumption	CVE-2026-38728	2026-05-19 05:23	2026-05-16	Show	GitHub Exploit DB Packet Storm

897	4.6	MEDIUM Network	-	-	HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios.	CWE-863 Incorrect Authorization	CVE-2026-21789	2026-05-19 05:23	2026-05-19	Show	GitHub Exploit DB Packet Storm

898	8.2	HIGH Local	-	-	Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash.	CWE-346 Origin Validation Error	CVE-2026-46728	2026-05-19 05:23	2026-05-17	Show	GitHub Exploit DB Packet Storm

899	4.6	MEDIUM Local	-	-	Claude HUD through 0.0.12, patched in commit 234d9aa, constructs OSC 8 terminal hyperlink escape sequences using raw cwd and branchUrl values without stripping control characters or encoding embedded…	CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences	CVE-2026-47090	2026-05-19 05:19	2026-05-19	Show	GitHub Exploit DB Packet Storm

900	3.3	LOW Local	-	-	Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin…	CWE-22 Path Traversal	CVE-2026-47091	2026-05-19 05:19	2026-05-19	Show	GitHub Exploit DB Packet Storm