Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 18, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
841	9.6	緊急 Network	Streetwriters	Notesnook Mobile Notesnook Desktop	StreetwritersのNotesnook Desktop等の複数製品における複数の脆弱性	CWE-79 CWE-94	CVE-2026-42090	2026-05-14 10:18	2026-05-4	Show	GitHub Exploit DB Packet Storm

842	6.5	警告 Network	goshs	goshs	goshsにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2026-42091	2026-05-14 10:18	2026-05-4	Show	GitHub Exploit DB Packet Storm

843	4.8	警告 Network	Weblate	wlc	Weblateのwlcにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-42150	2026-05-14 10:18	2026-05-8	Show	GitHub Exploit DB Packet Storm

844	5.9	警告 Network	Teluu Ltd.	PJSIP	Teluu Ltd.のPJSIPにおける証明書検証に関する脆弱性	CWE-295 不正な証明書検証	CVE-2026-42225	2026-05-14 10:18	2026-05-7	Show	GitHub Exploit DB Packet Storm

845	4.3	警告 Network	Onyx	Onyx	Onyxにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-42276	2026-05-14 10:18	2026-05-8	Show	GitHub Exploit DB Packet Storm

846	6.5	警告 Network	Onyx	Onyx	Onyxにおけるユーザ制御の鍵による認証回避に関する脆弱性	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-42277	2026-05-14 10:18	2026-05-8	Show	GitHub Exploit DB Packet Storm

847	5.5	警告 Local	Python Software Foundation	Python Pillow	Python Software FoundationのPython Pillowにおける整数オーバーフローの脆弱性	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2026-42308	2026-05-14 10:18	2026-05-9	Show	GitHub Exploit DB Packet Storm

848	5.5	警告 Local	Python Software Foundation	Python Pillow	Python Software FoundationのPython Pillowにおけるヒープベースのバッファオーバーフローの脆弱性	CWE-122 ヒープオーバーフロー	CVE-2026-42309	2026-05-14 10:18	2026-05-9	Show	GitHub Exploit DB Packet Storm

849	5.5	警告 Local	Python Software Foundation	Python Pillow	Python Software FoundationのPython Pillowにおける無限ループに関する脆弱性	CWE-835 無限ループ	CVE-2026-42310	2026-05-14 10:18	2026-05-9	Show	GitHub Exploit DB Packet Storm

850	8.1	重要 Network	Grav CMS	grav	Grav CMSのgravにおける複数の脆弱性	CWE-269 CWE-285 CWE-639 CWE-837	CVE-2026-42609	2026-05-14 10:18	2026-05-11	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
312101	4.2	MEDIUM Adjacent	jktyre	smart_tyre_car_\&_bike	An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications.	CWE-294 Authentication Bypass by Capture-replay	CVE-2024-39081	2024-10-2 00:51	2024-09-18	Show	GitHub Exploit DB Packet Storm

312102	8.8	HIGH Adjacent	circutor	q-smt_firmware	An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only im…	NVD-CWE-Other	CVE-2024-8890	2024-10-2 00:46	2024-09-18	Show	GitHub Exploit DB Packet Storm

312103	9.8	CRITICAL Network	doverfuelingsolutions	progauge_maglink_lx_console_firmware progauge_maglink_lx4_console_firmware	The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.	CWE-798 Use of Hard-coded Credentials	CVE-2024-43423	2024-10-2 00:41	2024-09-25	Show	GitHub Exploit DB Packet Storm

312104	7.8	HIGH Local	projectdiscovery	nuclei	Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow…	CWE-78 OS Command	CVE-2024-43405	2024-10-2 00:37	2024-09-5	Show	GitHub Exploit DB Packet Storm

312105	8.8	HIGH Local	rust-lang	rust	Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.8…	CWE-88 Argument Injection	CVE-2024-43402	2024-10-2 00:12	2024-09-5	Show	GitHub Exploit DB Packet Storm

312106	6.1	MEDIUM Network	objectiv	simple_ldap_login	The Simple LDAP Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including…	CWE-79 Cross-site Scripting	CVE-2024-8715	2024-10-1 23:37	2024-09-28	Show	GitHub Exploit DB Packet Storm

312107	7.5	HIGH Network	huawei	harmonyos emui	Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect service confidentiality.	NVD-CWE-noinfo	CVE-2024-9136	2024-10-1 23:28	2024-09-27	Show	GitHub Exploit DB Packet Storm

312108	7.5	HIGH Network	huawei	emui harmonyos	Access permission verification vulnerability in the input method framework module Impact: Successful exploitation of this vulnerability may affect availability.	NVD-CWE-noinfo	CVE-2024-47294	2024-10-1 23:27	2024-09-27	Show	GitHub Exploit DB Packet Storm

312109	7.5	HIGH Network	huawei	harmonyos emui	Out-of-bounds write vulnerability in the HAL-WIFI module Impact: Successful exploitation of this vulnerability may affect availability.	CWE-787 Out-of-bounds Write	CVE-2024-47293	2024-10-1 23:25	2024-09-27	Show	GitHub Exploit DB Packet Storm

312110	5.5	MEDIUM Local	huawei	emui harmonyos	Path traversal vulnerability in the Bluetooth module Impact: Successful exploitation of this vulnerability may affect service confidentiality.	CWE-22 Path Traversal	CVE-2024-47292	2024-10-1 23:23	2024-09-27	Show	GitHub Exploit DB Packet Storm