Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
195271 6.5 警告
Network 		w3m project - Tatsuya Kinoshita w3m フォークにおけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2016-9633 2016-12-14 16:27 2016-11-7 Show GitHub Exploit DB Packet Storm
195272 6.5 警告
Network 		w3m project - Tatsuya Kinoshita w3m フォークにおけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2016-9632 2016-12-14 16:27 2016-11-18 Show GitHub Exploit DB Packet Storm
195273 6.5 警告
Network 		w3m project - Tatsuya Kinoshita w3m フォークにおけるサービス運用妨害 (DoS) の脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2016-9631 2016-12-14 16:27 2016-11-17 Show GitHub Exploit DB Packet Storm
195274 6.5 警告
Network 		w3m project - Tatsuya Kinoshita w3m フォークにおけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2016-9630 2016-12-14 16:27 2016-11-17 Show GitHub Exploit DB Packet Storm
195275 6.5 警告
Network 		w3m project - Tatsuya Kinoshita w3m フォークにおけるサービス運用妨害 (DoS) の脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2016-9629 2016-12-14 16:27 2016-11-15 Show GitHub Exploit DB Packet Storm
195276 6.5 警告
Network 		w3m project - Tatsuya Kinoshita w3m フォークにおけるサービス運用妨害 (DoS) の脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2016-9628 2016-12-14 16:27 2016-11-14 Show GitHub Exploit DB Packet Storm
195277 6.5 警告
Network 		w3m project - Tatsuya Kinoshita w3m フォークにおけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2016-9627 2016-12-14 16:27 2016-11-14 Show GitHub Exploit DB Packet Storm
195278 6.5 警告
Network 		w3m project - Tatsuya Kinoshita w3m フォークにおけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2016-9626 2016-12-14 16:27 2016-11-9 Show GitHub Exploit DB Packet Storm
195279 6.5 警告
Network 		w3m project - Tatsuya Kinoshita w3m フォークにおけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2016-9625 2016-12-14 16:27 2016-11-7 Show GitHub Exploit DB Packet Storm
195280 6.5 警告
Network 		w3m project - Tatsuya Kinoshita w3m フォークにおけるサービス運用妨害 (DoS) の脆弱性 CWE-476
NULL ポインタデリファレンス 		CVE-2016-9624 2016-12-14 16:27 2016-11-7 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
41 7.5 HIGH
Network 		flowiseai flowise Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the password reset functionality on cloud.flowiseai.com sends a reset password link over the u… New CWE-319
Cleartext Transmission of Sensitive Information 		CVE-2026-41275 2026-04-25 11:16 2026-04-24 Show GitHub Exploit DB Packet Storm
42 8.3 HIGH
Network 		flowiseai flowise Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Server-Side Request Forgery (SSRF) protection bypass vulnerability exists in the Custom Func… New CWE-284
CWE-918
Improper Access Control
Server-Side Request Forgery (SSRF)  		CVE-2026-41270 2026-04-25 11:16 2026-04-24 Show GitHub Exploit DB Packet Storm
43 7.5 HIGH
Network 		flowiseai flowise Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, /api/v1/public-chatbotConfig/:id ep exposes sensitive data including API keys, HTTP authorizat… New CWE-200
CWE-522
CWE-862
Information Exposure
 Insufficiently Protected Credentials
 Missing Authorization 		CVE-2026-41266 2026-04-25 11:16 2026-04-24 Show GitHub Exploit DB Packet Storm
44 5.9 MEDIUM
Network 		- - @node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid code_verifier values (including one-character strings) for S256 PKC… New CWE-307
CWE-1289
mproper Restriction of Excessive Authentication Attempts
 Improper Validation of Unsafe Equivalence in Input 		CVE-2026-41213 2026-04-25 11:16 2026-04-24 Show GitHub Exploit DB Packet Storm
45 7.7 HIGH
Network 		- - Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From 3.6.5 to 4.0.4, an unchecked array index in the pod informer's podGCFromPod() fun… New CWE-129
 Improper Validation of Array Index 		CVE-2026-40886 2026-04-25 11:16 2026-04-24 Show GitHub Exploit DB Packet Storm
46 - - - Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy_section_save interface has an arbitrary file re… New CWE-22
Path Traversal 		CVE-2026-33077 2026-04-25 11:16 2026-04-24 Show GitHub Exploit DB Packet Storm
47 - - - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. New - CVE-2026-6175 2026-04-25 08:16 2026-04-25 Show GitHub Exploit DB Packet Storm
48 7.8 HIGH
Local 		- - NSIS (Nullsoft Scriptable Install System) 3.06.1 before 3.12 sometimes uses the Low IL temp directory when executing as SYSTEM, allowing local attackers to gain privileges (if they can cause my_GetTe… New CWE-427
 Uncontrolled Search Path Element 		CVE-2026-42171 2026-04-25 07:16 2026-04-25 Show GitHub Exploit DB Packet Storm
49 5.9 MEDIUM
Network 		- - Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute… New CWE-22
Path Traversal 		CVE-2026-6968 2026-04-25 06:16 2026-04-25 Show GitHub Exploit DB Packet Storm
50 5.9 MEDIUM
Network 		- - Missing expiration, hash, and length enforcement in delegated metadata validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users with delegated signing authority to bypass TU… New CWE-345
 Insufficient Verification of Data Authenticity 		CVE-2026-6967 2026-04-25 06:16 2026-04-25 Show GitHub Exploit DB Packet Storm