Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
193711	5.5	警告 Local	Debian openSUSE project SUSE GraphicsMagick	-	GraphicsMagick におけるサービス運用妨害 (DoS) の脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2016-2318	2017-02-16 17:12	2016-07-1	Show	GitHub Exploit DB Packet Storm

193712	5.5	警告 Local	Debian openSUSE project SUSE GraphicsMagick	-	GraphicsMagick におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2016-2317	2017-02-16 17:12	2016-07-1	Show	GitHub Exploit DB Packet Storm

193713	7.5	重要 Network	F5 Networks	-	BIG-IP のバーチャルサーバにおける Traffic Management Microkernel を再起動される脆弱性	CWE-20 不適切な入力確認	CVE-2016-9249	2017-02-16 16:53	2016-11-9	Show	GitHub Exploit DB Packet Storm

193714	5.5	警告 Local	Joyent, Inc.	-	Joyent SmartOS の Hyprlofs ファイルシステムにおけるサービス運用妨害 (DoS) の脆弱性	CWE-400 リソースの枯渇	CVE-2016-9039	2017-02-16 16:53	2016-12-16	Show	GitHub Exploit DB Packet Storm

193715	5.6	警告 Network	SaltStack	-	Salt における設定された認証サービスを回避される脆弱性	CWE-287 不適切な認証	CVE-2016-3176	2017-02-16 16:53	2016-03-15	Show	GitHub Exploit DB Packet Storm

193716	7.5	重要 Network	Ruby-lang.org	-	OpenSSL gem for Ruby における暗号保護メカニズムを回避される脆弱性	CWE-310 暗号の問題	CVE-2016-7798	2017-02-16 16:49	2016-09-20	Show	GitHub Exploit DB Packet Storm

193717	9.8	緊急 Network	サムスン	-	Android 用 Samsung Exynos fimg2d ドライバにおける NULL ポインタデリファレンスを引き起こされる脆弱性	CWE-476 NULL ポインタデリファレンス	CVE-2016-6604	2017-02-16 15:41	2016-08-5	Show	GitHub Exploit DB Packet Storm

193718	5.5	警告 Local	Dropbox	-	Dropbox lepton の lepton/jpgcoder.cc の write_ujpg 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-125 境界外読み取り	CVE-2016-6238	2017-02-16 15:25	2016-07-17	Show	GitHub Exploit DB Packet Storm

193719	5.5	警告 Local	Dropbox	-	Dropbox lepton の lepton/jpgcoder.cc の build_huffcodes 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-787 境界外書き込み	CVE-2016-6237	2017-02-16 15:25	2016-07-17	Show	GitHub Exploit DB Packet Storm

193720	5.5	警告 Local	Dropbox	-	Dropbox lepton の lepton/jpgcoder.cc の setup_imginfo_jpg 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-125 境界外読み取り	CVE-2016-6236	2017-02-16 15:25	2016-07-17	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 20, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
131	8.1	HIGH Adjacent	-	-	Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic. New	CWE-940 Improper Verification of Source of a Communication Channel	CVE-2026-40434	2026-04-18 05:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

132	9.9	CRITICAL Network	-	-	Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a files… New	CWE-22 CWE-73 CWE-94 CWE-427 Path Traversal External Control of File Name or Path Code Injection Uncontrolled Search Path Element	CVE-2026-40342	2026-04-18 05:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

133	6.8	MEDIUM Network	-	-	WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows an authenticated user to inject malicious JavaScript via the … New	CWE-79 Cross-site Scripting	CVE-2026-40283	2026-04-18 05:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

134	8.8	HIGH Network	-	-	Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution. New	CWE-494 Download of Code Without Integrity Check	CVE-2026-40066	2026-04-18 05:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

135	8.8	HIGH Network	-	-	Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access. New	CWE-77 Command Injection	CVE-2026-35682	2026-04-18 05:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

136	9.8	CRITICAL Network	-	-	Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell. New	CWE-306 Missing Authentication for Critical Function	CVE-2026-35546	2026-04-18 05:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

137	7.5	HIGH Network	-	-	Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the sdl_desc() function does not validate the length of a decoded SDL descriptor from a… New	CWE-369 Divide By Zero	CVE-2026-35215	2026-04-18 05:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

138	5.3	MEDIUM Network	-	-	Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive operational imagery. New	CWE-862 Missing Authorization	CVE-2026-35061	2026-04-18 05:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

139	7.5	HIGH Network	-	-	Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the xdr_status_vector() function does not handle the isc_arg_cstring type when decoding… New	CWE-228 Improper Handling of Syntactically Invalid Structure	CVE-2026-34232	2026-04-18 05:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

140	6.5	MEDIUM Network	-	-	Anviz CX2 Lite and CX7 administrative sessions occur over HTTP, enabling on‑path attackers to sniff credentials and session data, which can be used to compromise the device. New	CWE-319 Cleartext Transmission of Sensitive Information	CVE-2026-33569	2026-04-18 05:16	2026-04-18	Show	GitHub Exploit DB Packet Storm