Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 11, 2026, 6:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
197541 9.6 緊急
Network 		オラクル - Oracle Java SE および Java SE Embedded における Hotspot に関する脆弱性 CWE-noinfo
情報不足 		CVE-2017-3289 2017-02-1 16:58 2017-01-17 Show GitHub Exploit DB Packet Storm
197542 9.6 緊急
Network 		オラクル - Oracle Java SE および Java SE Embedded における Libraries に関する脆弱性 CWE-noinfo
情報不足 		CVE-2017-3272 2017-02-1 16:58 2017-01-17 Show GitHub Exploit DB Packet Storm
197543 5.3 警告
Network 		オラクル - Oracle Java SE における Java Mission Control に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2017-3262 2017-02-1 16:58 2017-01-17 Show GitHub Exploit DB Packet Storm
197544 4.3 警告
Network 		オラクル - Oracle Java SE および Java SE Embedded における Networking に関する脆弱性 CWE-noinfo
情報不足 		CVE-2017-3261 2017-02-1 16:58 2017-01-17 Show GitHub Exploit DB Packet Storm
197545 8.3 重要
Network 		オラクル - Oracle Java SE における AWT に関する脆弱性 CWE-noinfo
情報不足 		CVE-2017-3260 2017-02-1 16:58 2017-01-17 Show GitHub Exploit DB Packet Storm
197546 3.7
Network 		オラクル - Oracle Java SE における Deployment に関する脆弱性 CWE-noinfo
情報不足 		CVE-2017-3259 2017-02-1 16:57 2017-01-17 Show GitHub Exploit DB Packet Storm
197547 7.5 重要
Network 		オラクル - 複数の Oracle Java 製品における 2D に関する脆弱性 CWE-noinfo
情報不足 		CVE-2017-3253 2017-02-1 16:57 2017-01-17 Show GitHub Exploit DB Packet Storm
197548 5.8 警告
Network 		オラクル - 複数の Oracle Java 製品における JAAS に関する脆弱性 CWE-noinfo
情報不足 		CVE-2017-3252 2017-02-1 16:57 2017-01-17 Show GitHub Exploit DB Packet Storm
197549 9 緊急
Network 		オラクル - 複数の Oracle Java 製品における RMI に関する脆弱性 CWE-20
不適切な入力確認 		CVE-2017-3241 2017-02-1 16:57 2017-01-17 Show GitHub Exploit DB Packet Storm
197550 4.3 警告
Network 		オラクル - Oracle Java SE および Java SE Embedded における Networking に関する脆弱性 CWE-200
情報漏えい 		CVE-2017-3231 2017-02-1 16:57 2017-01-17 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 11, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
451 7.4 HIGH
Network 		- - Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPPars… New CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2026-42264 2026-05-9 01:02 2026-05-8 Show GitHub Exploit DB Packet Storm
452 - - - Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLE_USER can create a tag with a formula string as its name (e.g. =SUM(54+51)) via POST /api/tags… New CWE-1236
 Improper Neutralization of Formula Elements in a CSV File 		CVE-2026-42267 2026-05-9 01:02 2026-05-8 Show GitHub Exploit DB Packet Storm
453 4.1 MEDIUM
Network 		- - Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can upl… New CWE-22
Path Traversal 		CVE-2026-44298 2026-05-9 01:02 2026-05-8 Show GitHub Exploit DB Packet Storm
454 7.8 HIGH
Local 		- - The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service… New CWE-367
 Time-of-check Time-of-use (TOCTOU) Race Condition 		CVE-2022-26522 2026-05-9 01:02 2026-05-8 Show GitHub Exploit DB Packet Storm
455 5.3 MEDIUM
Local 		- - The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service… New CWE-400
 Uncontrolled Resource Consumption 		CVE-2022-26523 2026-05-9 01:02 2026-05-8 Show GitHub Exploit DB Packet Storm
456 6.5 MEDIUM
Network 		- - Nokia Broadcast Message Center (BMC) before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field. New CWE-78
OS Command  		CVE-2022-45899 2026-05-9 01:02 2026-05-8 Show GitHub Exploit DB Packet Storm
457 4.3 MEDIUM
Network 		- - Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the POST /chat/stop-chat-session/{chat_session_id} endpoint lets any authenticated user stop any other user's active cha… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-42276 2026-05-9 01:02 2026-05-8 Show GitHub Exploit DB Packet Storm
458 6.5 MEDIUM
Network 		- - Onyx is an open-source AI platform. Prior to versions 3.0.9, 3.1.6, and 3.2.6, the GET /chat/file/{file_id} endpoint allows any authenticated user to download any other user's uploaded files by provi… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-42277 2026-05-9 01:02 2026-05-8 Show GitHub Exploit DB Packet Storm
459 5.8 MEDIUM
Network 		- - solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization w… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-42279 2026-05-9 01:02 2026-05-8 Show GitHub Exploit DB Packet Storm
460 7.5 HIGH
Network 		- - Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via crafted packet data to the SMB service on TCP port 445. New CWE-400
 Uncontrolled Resource Consumption 		CVE-2024-27686 2026-05-9 01:02 2026-05-8 Show GitHub Exploit DB Packet Storm