Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
199621	5.4	警告 Network		-	HPE Network Node Manager i におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-2011	2016-05-11 16:49	2016-05-3	Show	GitHub Exploit DB Packet Storm

199622	5.4	警告 Network		-	HPE Network Node Manager i におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-2010	2016-05-11 16:49	2016-05-3	Show	GitHub Exploit DB Packet Storm

199623	8.8	重要 Network		-	HPE Network Node Manager i における任意のコマンドを実行される脆弱性	CWE-Other その他	CVE-2016-2009	2016-05-11 16:49	2016-05-3	Show	GitHub Exploit DB Packet Storm

199624	7.8	重要 Local	freedesktop.org Debian Canonical Fedora Project	-	Poppler の ExponentialFunction::ExponentialFunction 関数におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2015-8868	2016-05-11 15:44	2015-12-22	Show	GitHub Exploit DB Packet Storm

199625	6.5	警告 Network	Apache Software Foundation	-	Apache Subversion の httpd サーバの mod_authz_svn モジュールの req_check_access 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-Other その他	CVE-2016-2168	2016-05-10 17:45	2016-04-28	Show	GitHub Exploit DB Packet Storm

199626	6.8	警告 Network	Apache Software Foundation	-	Apache Subversion の svnserve/cyrus_auth.c の canonicalize_username 関数における認証に関する脆弱性	CWE-Other その他	CVE-2016-2167	2016-05-10 17:45	2016-04-28	Show	GitHub Exploit DB Packet Storm

199627	7.5	重要 Network	OpenSSL Project	-	OpenSSL の crypto/rsa/rsa_gen.c における暗号保護メカニズムを破られる脆弱性	CWE-310 暗号の問題	CVE-2000-1254	2016-05-10 17:39	2000-06-1	Show	GitHub Exploit DB Packet Storm

199628	7.4	重要 Network	シスコシステムズ	-	Cisco Prime Collaboration Assurance ソフトウェアにおけるオープンリダイレクトの脆弱性	CWE-Other その他	CVE-2016-1392	2016-05-10 15:02	2016-05-3	Show	GitHub Exploit DB Packet Storm

199629	9.8	緊急 Network	シスコシステムズ	-	Cisco TelePresence ソフトウェアの TC および CE の XML API における制御コマンドを実行される脆弱性	CWE-287 不適切な認証	CVE-2016-1387	2016-05-10 15:02	2016-05-4	Show	GitHub Exploit DB Packet Storm

199630	7.5	重要 Network	varnish-cache.org Debian	-	Varnish における任意の HTTP ヘッダを挿入される脆弱性	CWE-Other その他	CVE-2015-8852	2016-05-10 11:17	2015-03-23	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 20, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
71	9.1	CRITICAL Network	-	-	ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ direct… New	CWE-269 CWE-434 CWE-552 Improper Privilege Management Unrestricted Upload of File with Dangerous Type Files or Directories Accessible to External Parties	CVE-2026-40484	2026-04-18 09:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

72	5.4	MEDIUM Network	-	-	ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor renders donation comment values directly into HTML input value attributes without escaping via html… New	CWE-79 CWE-116 Cross-site Scripting Improper Encoding or Escaping of Output	CVE-2026-40483	2026-04-18 09:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

73	-		-	-	ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString() via unsanitized $routeAndAccount concatenated into raw SQ… New	CWE-89 SQL Injection	CVE-2026-40482	2026-04-18 09:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

74	-		-	-	ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/{personId} endpoint loads and returns person records without performing object-level authorizatio… New	CWE-639 CWE-862 Authorization Bypass Through User-Controlled Key Missing Authorization	CVE-2026-40480	2026-04-18 09:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

75	8.8	HIGH Network	-	-	Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can escalate their own account to administrator by sending `isAdmin=… New	CWE-862 Missing Authorization	CVE-2026-40349	2026-04-18 09:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

76	7.7	HIGH Network	-	-	Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets throu… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-40348	2026-04-18 09:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

77	5.3	MEDIUM Network	-	-	Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or… New	CWE-400 CWE-834 Uncontrolled Resource Consumption Excessive Iteration	CVE-2026-40347	2026-04-18 09:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

78	-		-	-	NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request ac… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-40346	2026-04-18 09:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

79	3.5	LOW Physics	-	-	libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input f… New	CWE-126 Buffer Over-read	CVE-2026-40341	2026-04-18 09:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

80	6.1	MEDIUM Physics	-	-	libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in `ptp_unpack_OI()` in `camlibs/ptp2/ptp-pack.c` (lines 530–563). The … New	CWE-125 Out-of-bounds Read	CVE-2026-40340	2026-04-18 09:16	2026-04-18	Show	GitHub Exploit DB Packet Storm