Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
193611	5.5	警告 Local	Google	-	Google Chrome の FFmpeg におけるヒープを破損される脆弱性	CWE-119 バッファエラー	CVE-2017-5025	2017-02-22 16:59	2017-01-25	Show	GitHub Exploit DB Packet Storm

193612	4.3	警告 Network	Google	-	Google Chrome の Histogram における NULL ポインタデリファレンスを引き起こされる脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2017-5023	2017-02-22 16:59	2017-01-25	Show	GitHub Exploit DB Packet Storm

193613	4.3	警告 Network	Google	-	Google Chrome の Blink におけるコンテンツセキュリティポリシーを回避される脆弱性	CWE-284 不適切なアクセス制御	CVE-2017-5022	2017-02-22 16:59	2017-01-25	Show	GitHub Exploit DB Packet Storm

193614	6.1	警告 Network	Google	-	Google Chrome における悪意のある拡張機能をインストールされる脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-5020	2017-02-22 16:59	2017-01-25	Show	GitHub Exploit DB Packet Storm

193615	6.3	警告 Network	Google	-	Google Chrome におけるヒープを破損される脆弱性	CWE-416 解放済みメモリの使用	CVE-2017-5019	2017-02-22 16:59	2017-01-25	Show	GitHub Exploit DB Packet Storm

193616	6.5	警告 Network	Google	-	Google Chrome の Blink における制御していないページ上で特定の UI 要素を表示される脆弱性	CWE-284 不適切なアクセス制御	CVE-2017-5016	2017-02-22 16:59	2017-01-25	Show	GitHub Exploit DB Packet Storm

193617	6.5	警告 Network	Google	-	Google Chrome におけるドメインを偽装される脆弱性	CWE-284 不適切なアクセス制御	CVE-2017-5015	2017-02-22 16:59	2017-01-25	Show	GitHub Exploit DB Packet Storm

193618	6.3	警告 Network	Google	-	Google Chrome の Skia におけるヒープバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2017-5014	2017-02-22 16:59	2017-01-25	Show	GitHub Exploit DB Packet Storm

193619	6.5	警告 Network	Google	-	Google Chrome における Omnibox のコンテンツを偽造される脆弱性	CWE-284 不適切なアクセス制御	CVE-2017-5013	2017-02-22 16:59	2017-01-25	Show	GitHub Exploit DB Packet Storm

193620	8.8	重要 Network	Google	-	Google Chrome の V8 におけるヒープバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2017-5012	2017-02-22 16:58	2017-01-25	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
681	5.4	MEDIUM Network	wwbn	avideo	WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under `objects/` accept state-changing requests via `$_REQUEST`/`$_GET` and persist changes ti… New	CWE-352 Origin Validation Error	CVE-2026-40928	2026-04-24 00:49	2026-04-22	Show	GitHub Exploit DB Packet Storm

682	5.4	MEDIUM Network	wwbn	avideo	WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.json.php` is a state-mutating JSON endpoint that deletes comments but performs no CSRF validation. It … New	CWE-352 Origin Validation Error	CVE-2026-40929	2026-04-24 00:48	2026-04-22	Show	GitHub Exploit DB Packet Storm

683	7.1	HIGH Network	wwbn	avideo	WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — `objects/categoryAddNew.json.php`, `objects/categoryDelete.json.php`, and `objects/pluginRu… New	CWE-352 Origin Validation Error	CVE-2026-40926	2026-04-24 00:48	2026-04-22	Show	GitHub Exploit DB Packet Storm

684	9.9	CRITICAL Network	flowiseai	flowise	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker ca… New	CWE-78 OS Command	CVE-2026-40933	2026-04-24 00:40	2026-04-22	Show	GitHub Exploit DB Packet Storm

685	7.1	HIGH Local	apktool	apktool	Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in `brut/androlib/res/decoder/ResFileDecoder.java` allows a maliciously crafte… New	CWE-22 Path Traversal	CVE-2026-39973	2026-04-24 00:39	2026-04-21	Show	GitHub Exploit DB Packet Storm

686	9.1	CRITICAL Network	-	-	Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields direct… New	CWE-89 SQL Injection	CVE-2026-41167	2026-04-24 00:37	2026-04-23	Show	GitHub Exploit DB Packet Storm

687	9.1	CRITICAL Network	-	-	EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an au… New	CWE-22 Path Traversal	CVE-2026-33656	2026-04-24 00:37	2026-04-23	Show	GitHub Exploit DB Packet Storm

688	7.5	HIGH Network	gnu	glibc	Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library versio… New	CWE-127 Buffer Under-read	CVE-2026-5928	2026-04-24 00:33	2026-04-21	Show	GitHub Exploit DB Packet Storm

689	9.8	CRITICAL Network	gnu	glibc	Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 cou… New	CWE-122 CWE-787 Heap-based Buffer Overflow Out-of-bounds Write	CVE-2026-5450	2026-04-24 00:33	2026-04-21	Show	GitHub Exploit DB Packet Storm

690	9.0	CRITICAL Network	gitroom	postiz	Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticated user to upload arbitrary HTML, SVG, or other executable file types to t… Update	CWE-79 CWE-345 CWE-434 Cross-site Scripting Insufficient Verification of Data Authenticity Unrestricted Upload of File with Dangerous Type	CVE-2026-40487	2026-04-24 00:27	2026-04-18	Show	GitHub Exploit DB Packet Storm