Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 2, 2026, noon

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
881 4.3 警告
Network 		シックス・アパート株式会社 Movable Type Premium (Advanced Edition)
Movable Type
Movable Type Advanced
Movable Type Premium 		Movable Typeにおける権限チェックの欠如の脆弱性 CWE-Other
その他 		CVE-2026-44392 2026-05-20 14:09 2026-05-20 Show GitHub Exploit DB Packet Storm
882 4.3 警告
Network 		Outlook.com Microsoft Edge Chromium Microsoft Edge (Chromium ベース) for Android のスプーフィングの脆弱性 CWE-451
ユーザインターフェースにおける重要情報の誤った表示 		CVE-2026-40416 2026-05-20 13:31 2026-05-12 Show GitHub Exploit DB Packet Storm
883 4.3 警告
Network 		Mattermost, Inc. Mattermost Server Mattermost, Inc.のMattermost Serverにおける有効期限後または解放後のリソースの操作に関する脆弱性 CWE-672
有効期限後または解放後のリソースの操作 		CVE-2026-4053 2026-05-20 13:31 2026-05-15 Show GitHub Exploit DB Packet Storm
884 6.5 警告
Network 		Mattermost, Inc. Mattermost Server Mattermost, Inc.のMattermost Serverにおける例外的な状態のチェックに関する脆弱性 CWE-754
例外的な状態における不適切なチェック 		CVE-2026-4054 2026-05-20 13:31 2026-05-15 Show GitHub Exploit DB Packet Storm
885 8.2 重要
Network 		TheCodingMachine Gotenberg TheCodingMachineのGotenbergにおける複数の脆弱性 CWE-184
CWE-73
CVE-2026-40893 2026-05-20 13:31 2026-05-14 Show GitHub Exploit DB Packet Storm
886 7.8 重要
Local 		George Nachman iTerm2 George NachmanのiTerm2における信頼できない制御領域からの機能の組み込みに関する脆弱性 CWE-829
信頼性のない制御領域からの機能の組み込み 		CVE-2026-41253 2026-05-20 13:31 2026-04-18 Show GitHub Exploit DB Packet Storm
887 8.2 重要
Network 		Quantum Nous New API Quantum NousのNew APIにおける複数の脆弱性 CWE-1188
CWE-345
CWE-863
CVE-2026-41432 2026-05-20 13:31 2026-05-8 Show GitHub Exploit DB Packet Storm
888 8.8 重要
Network 		anyscale ray anyscaleのrayにおける複数の脆弱性 CWE-502
CWE-94
CVE-2026-41486 2026-05-20 13:31 2026-05-8 Show GitHub Exploit DB Packet Storm
889 4.4 警告
Local 		cilium cilium ciliumにおける複数の脆弱性 CWE-200
CWE-312
CWE-312
CVE-2026-41520 2026-05-20 13:31 2026-05-8 Show GitHub Exploit DB Packet Storm
890 7 重要
Local 		VMware VMware Fusion VMwareのVMware FusionにおけるTime-of-check Time-of-use (TOCTOU) 競合状態の脆弱性 CWE-367
Time-of-check Time-of-use (TOCTOU) 競合状態 		CVE-2026-41702 2026-05-20 13:31 2026-05-15 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 2, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2401 5.3 MEDIUM
Network 		concretecms concrete_cms Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unau… CWE-565
CWE-639
 Reliance on Cookies without Validation and Integrity Checking
 Authorization Bypass Through User-Controlled Key 		CVE-2026-8337 2026-05-27 02:13 2026-05-22 Show GitHub Exploit DB Packet Storm
2402 9.8 CRITICAL
Network 		- - A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipul… CWE-77
CWE-78
Command Injection
OS Command  		CVE-2026-9543 2026-05-27 01:16 2026-05-26 Show GitHub Exploit DB Packet Storm
2403 3.3 LOW
Local 		- - A weakness has been identified in GNU LibreDWG up to 0.14. The impacted element is the function read_2004_compressed_section of the file src/decode.c of the component Dwgbmp Utility. Executing a mani… CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error') 
Out-of-bounds Read 		CVE-2026-9530 2026-05-27 01:16 2026-05-26 Show GitHub Exploit DB Packet Storm
2404 3.3 LOW
Local 		- - A weakness has been identified in GNU LibreDWG up to 0.14. Affected is the function bit_convert_TU of the file programs/dwggrep.c of the component Dwggrep Utility. This manipulation causes out-of-bou… CWE-119
CWE-125
Incorrect Access of Indexable Resource ('Range Error') 
Out-of-bounds Read 		CVE-2026-9504 2026-05-27 01:16 2026-05-26 Show GitHub Exploit DB Packet Storm
2405 - - - IEC 60870-5-104 used in bidirectional mode in RTU500 is vulnerable for a NULL pointer dereferencing, if a specially crafted sequence of messages is sent for a certain time, causing Denial of Service … CWE-476
 NULL Pointer Dereference 		CVE-2026-8479 2026-05-27 01:16 2026-05-26 Show GitHub Exploit DB Packet Storm
2406 - - - FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read vulnerability in the NetFlow v9 data flowset processor. In src/netflow_plugin/netflow_v9_collector.cpp, the Data template bra… - CVE-2026-48683 2026-05-27 01:16 2026-05-27 Show GitHub Exploit DB Packet Storm
2407 7.6 HIGH
Network 		- - Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following proces… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-45082 2026-05-27 01:16 2026-05-27 Show GitHub Exploit DB Packet Storm
2408 6.2 MEDIUM
Local 		- - In Arm ArmNN through 2026-03-27, an integer overflow in TensorShape::GetNumElements() in armnn/Tensor.cpp allows a crafted TFLite model file to bypass buffer size validation and trigger a heap-based … CWE-190
 Integer Overflow or Wraparound 		CVE-2026-42627 2026-05-27 01:16 2026-05-23 Show GitHub Exploit DB Packet Storm
2409 - - - An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ONLYOFFICE DocSpace before 3.2.1. The flaw exists in multiple REST API endpoints. This allows authenticated users with low-l… - CVE-2026-38587 2026-05-27 01:16 2026-05-27 Show GitHub Exploit DB Packet Storm
2410 7.0 HIGH
Local 		samba rsync Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replac… CWE-367
 Time-of-check Time-of-use (TOCTOU) Race Condition 		CVE-2026-29518 2026-05-27 01:16 2026-05-20 Show GitHub Exploit DB Packet Storm