Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
194601 7 重要
Local 		Linux - Synaptics タッチスクリーン ドライバにおける権限を昇格される脆弱性 CWE-284
不適切なアクセス制御 		CVE-2016-8394 2017-01-25 10:39 2016-12-5 Show GitHub Exploit DB Packet Storm
194602 7 重要
Local 		Linux - Synaptics タッチスクリーン ドライバにおける権限を昇格される脆弱性 CWE-284
不適切なアクセス制御 		CVE-2016-8393 2017-01-25 10:39 2016-12-5 Show GitHub Exploit DB Packet Storm
194603 7 重要
Local 		Linux - Qualcomm Wi-Fi ドライバにおける権限を昇格される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-8452 2017-01-25 10:06 2016-10-28 Show GitHub Exploit DB Packet Storm
194604 7 重要
Local 		Linux - Qualcomm サウンド ドライバにおける権限を昇格される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-8450 2017-01-25 10:06 2016-10-13 Show GitHub Exploit DB Packet Storm
194605 7 重要
Local 		Linux - Qualcomm カメラにおける権限を昇格される脆弱性 CWE-284
不適切なアクセス制御 		CVE-2016-8444 2017-01-25 10:06 2016-08-26 Show GitHub Exploit DB Packet Storm
194606 7.8 重要
Local 		Google
Linux		 - Qualcomm ビデオドライバにおける権限を昇格される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2016-8436 2017-01-25 10:06 2016-10-13 Show GitHub Exploit DB Packet Storm
194607 4.7 警告
Local 		Linux - HTC の入力ドライバにおける情報を公開される脆弱性 CWE-200
情報漏えい 		CVE-2016-8475 2017-01-25 10:00 2016-10-30 Show GitHub Exploit DB Packet Storm
194608 7 重要
Local 		Linux - Kernel のサウンドサブシステムにおける権限を昇格される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2017-0404 2017-01-25 09:55 2017-01-3 Show GitHub Exploit DB Packet Storm
194609 7 重要
Local 		Linux - Kernel のパフォーマンスサブシステムにおける権限を昇格される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2017-0403 2017-01-25 09:55 2017-01-3 Show GitHub Exploit DB Packet Storm
194610 5.5 警告
Local 		Google - Contacts における権限を昇格される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2017-0395 2017-01-25 09:52 2017-01-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
781 5.3 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` accepts the CAPTCHA length (`ql`) directly from the query string with no clamping or sanitization, l… New CWE-804
 Guessable CAPTCHA 		CVE-2026-40935 2026-04-24 00:50 2026-04-22 Show GitHub Exploit DB Packet Storm
782 7.8 HIGH
Local 		node-modules compressing Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility… New CWE-59
Link Following 		CVE-2026-40931 2026-04-24 00:49 2026-04-22 Show GitHub Exploit DB Packet Storm
783 5.4 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under `objects/` accept state-changing requests via `$_REQUEST`/`$_GET` and persist changes ti… New CWE-352
 Origin Validation Error 		CVE-2026-40928 2026-04-24 00:49 2026-04-22 Show GitHub Exploit DB Packet Storm
784 5.4 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.json.php` is a state-mutating JSON endpoint that deletes comments but performs no CSRF validation. It … New CWE-352
 Origin Validation Error 		CVE-2026-40929 2026-04-24 00:48 2026-04-22 Show GitHub Exploit DB Packet Storm
785 7.1 HIGH
Network 		wwbn avideo WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — `objects/categoryAddNew.json.php`, `objects/categoryDelete.json.php`, and `objects/pluginRu… New CWE-352
 Origin Validation Error 		CVE-2026-40926 2026-04-24 00:48 2026-04-22 Show GitHub Exploit DB Packet Storm
786 9.9 CRITICAL
Network 		flowiseai flowise Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker ca… New CWE-78
OS Command  		CVE-2026-40933 2026-04-24 00:40 2026-04-22 Show GitHub Exploit DB Packet Storm
787 7.1 HIGH
Local 		apktool apktool Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in `brut/androlib/res/decoder/ResFileDecoder.java` allows a maliciously crafte… New CWE-22
Path Traversal 		CVE-2026-39973 2026-04-24 00:39 2026-04-21 Show GitHub Exploit DB Packet Storm
788 9.1 CRITICAL
Network 		- - Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields direct… New CWE-89
SQL Injection 		CVE-2026-41167 2026-04-24 00:37 2026-04-23 Show GitHub Exploit DB Packet Storm
789 9.1 CRITICAL
Network 		- - EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an au… New CWE-22
Path Traversal 		CVE-2026-33656 2026-04-24 00:37 2026-04-23 Show GitHub Exploit DB Packet Storm
790 7.5 HIGH
Network 		gnu glibc Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library versio… New CWE-127
 Buffer Under-read 		CVE-2026-5928 2026-04-24 00:33 2026-04-21 Show GitHub Exploit DB Packet Storm